# pub-d71709b11f304e0b87fe3275219dc568.r2.dev — MALICIOUS

> Security advisory: pub-d71709b11f304e0b87fe3275219dc568.r2.dev identified as an active crypto drainer with 17 of 95 VirusTotal vendors flagging it.

## Summary

Domain pub-d71709b11f304e0b87fe3275219dc568.r2.dev has been confirmed as an active crypto drainer site engaged in malicious activities. This domain poses a high-risk threat to users, particularly those involved in cryptocurrency transactions, as it is designed to siphon funds from unsuspecting victims. The site is currently active and should be treated as a critical security concern.

This domain resolves to IP address 104.18.54.45 and is associated with a Let’s Encrypt SSL certificate, which may be leveraged to establish false trust. PhishDestroy’s analysis reveals that 17 out of 95 VirusTotal security vendors have flagged this domain, highlighting its malicious nature. Additionally, it has been blocked by multiple reputable blocklists, including OpenPhish, PhishingArmy, and OISD, totaling three separate detections. The domain’s infrastructure is hosted on Cloudflare’s R2 storage service, which may be exploited to evade traditional security measures.

Given the active status of this crypto drainer and its widespread detection across security platforms, immediate action is required to mitigate potential risks. Organizations and individuals are strongly advised to block this domain at the network level and update firewall rules to prevent access. Users should exercise heightened caution when engaging with unknown domains, especially those involving cryptocurrency transactions. It is also recommended to scan endpoints for signs of compromise and to report this domain to internal security teams or threat intelligence platforms for further analysis.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: OpenPhish, PhishingArmy, OISD

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f8638926-0c16-465f-95d2-acf19dda4850
- PhishDestroy: https://phishdestroy.io/domain/pub-d71709b11f304e0b87fe3275219dc568.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-d71709b11f304e0b87fe3275219dc568.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-d71709b11f304e0b87fe3275219dc568.r2.dev/

Last updated: 2026-03-27