# facdocspdfouvrir.weebly.com — MALICIOUS

> facdocspdfouvrir.weebly.com is a crypto drainer impersonating document viewers. VirusTotal shows 18/95 vendors flagged this domain. Block access immediately.

## Summary

PhishDestroy identifies an active crypto drainer campaign hosted at facdocspdfouvrir.weebly.com, designed to trick users into downloading malicious documents that drain cryptocurrency wallets. The domain mimics legitimate document-sharing platforms, tricking victims into opening what appears to be a PDF or Office file. Upon execution, the payload silently interacts with connected wallets (e.g., MetaMask, Phantom) to initiate unauthorized transactions, often draining funds within seconds of user interaction. This attack vector is particularly dangerous due to its reliance on social engineering—users believe they are viewing a harmless file when in fact they are executing a malicious script. Security teams should treat this as a high-priority threat due to the irreversible nature of cryptocurrency theft.

This domain was flagged by multiple threat intelligence sources, including OpenPhish. VirusTotal analysis reveals that 18 out of 95 security vendors have marked this domain as malicious, indicating a significant but not universal consensus on its harmful nature. The domain resolves to IP 74.115.51.8 and uses a Let’s Encrypt SSL certificate, which may lull users into a false sense of security. Registered through Safenames Ltd in 2006, this domain has been active for nearly two decades, suggesting it may have been compromised or repurposed for malicious use. It has also been identified on one security blocklist, further confirming its threat status. The combination of longevity, legitimate-appearing infrastructure, and active abuse makes this a sophisticated and persistent threat.

If users or employees have visited facdocspdfouvrir.weebly.com, they should immediately disconnect from the internet and scan all devices with updated antivirus software. Cryptocurrency wallet extensions should be inspected for unauthorized permissions, and any suspicious transactions should be reported to the wallet provider or exchange. Organizations should block this domain at the network perimeter and alert users to be cautious of unsolicited document-sharing links. Implementing browser-based security policies to restrict access to untrusted domains can mitigate the risk of similar attacks. Threat hunting teams should search for indicators of compromise (IoCs) related to this domain, including connections to 74.115.51.8 and any unusual wallet activity.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2006-03-29 00:25:07
- Registrar: Safenames Ltd
- IP: 74.115.51.8

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/45c07410-0fb8-4efc-b36e-aea1cabc3f40
- PhishDestroy: https://phishdestroy.io/domain/facdocspdfouvrir.weebly.com/
- LLM endpoint: https://phishdestroy.io/domain/facdocspdfouvrir.weebly.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/facdocspdfouvrir.weebly.com/
Last updated: 2026-03-27