# erajmore.digital — MALICIOUS

> erajmore.digital is flagged for crypto draining scams impersonating Cloudflare. Avoid interacting; domain is offline but was high risk.

## Summary
PhishDestroy identifies erajmore.digital as a high-risk crypto drainer domain that impersonated a generic Cloudflare brand. The domain was primarily used to execute social engineering attacks aimed at stealing cryptocurrency assets from unsuspecting victims. Due to its malicious intent and potential financial impact, this domain represents a significant threat to users interacting with cloud service-related platforms.

The domain was registered via PDR Ltd. d/b/a PublicDomainRegistry.com on February 21, 2026, and resolved to IP address 172.67.195.246. It appeared on five different security blocklists and was flagged by 21 out of 95 security vendors on VirusTotal. Google Safe Browsing specifically categorized it under SOCIAL_ENGINEERING, confirming its use in deceptive tactics. AlienVault OTX also detected this domain in one threat pulse, further validating its malicious activity. Despite its current offline status, the infrastructure and tactics used suggest a well-organized phishing campaign targeting cloud service users.

To mitigate risks associated with erajmore.digital and similar campaigns, users should avoid clicking on unsolicited links claiming to be from Cloudflare or related cloud services. Organizations are advised to update their blocklists to include this domain and monitor network traffic for connections to suspicious IPs such as 172.67.195.246. Employing multi-factor authentication and educating users on identifying social engineering scams can reduce exposure to crypto draining threats. Continuous vigilance and timely threat intelligence sharing remain critical defenses against such impersonation-based phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Helvionex - ICO & Crypto

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2027-01-15 00:00:00
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 172.67.195.246
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: carlos.ns.cloudflare.com ximena.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 21 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "Chong Lua Dao", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Netcraft", "PREBYTES", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bcf9e-7237-7240-9ba3-af80394336f1.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/32af8a6e-11db-4bf1-80a9-5f0d06144510
- PhishDestroy: https://phishdestroy.io/domain/erajmore.digital/
- LLM endpoint: https://phishdestroy.io/domain/erajmore.digital/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/erajmore.digital/
Last updated: 2026-03-19