# pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev — MALICIOUS

> Is pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev malicious? This crypto drainer phishing domain is blocked by OpenPhish with a 16/95 VirusTotal detection score.

## Summary

PhishDestroy identifies pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev as an active crypto drainer scam domain designed to steal cryptocurrency assets through deceptive wallet interaction prompts. This domain operates without association to any legitimate brand, deploying a generic but effective drainer kit to siphon funds from unsuspecting victims. The infrastructure leverages recognizable services like Cloudflare’s R2 storage to host malicious payloads, creating a facade of legitimacy while executing unauthorized blockchain transactions.

Technical indicators confirm the domain’s malicious nature: VirusTotal reports a 16/95 detection score from security vendors, while infrastructure analysis reveals a Cloudflare-resolved IP (104.18.50.34). The domain utilizes a Let’s Encrypt SSL certificate to enhance its appearance of trustworthiness. Registrar data indicates Cloudflare, Inc. as the hosting provider, with the domain recently created to evade historical blocklists. Google Safe Browsing (GSB) has flagged the domain, and it appears on 2 active security blocklists, including OpenPhish and PhishingArmy, reinforcing its malicious classification.

The domain remains active at publication, with current security responses including active blocking by multiple threat intelligence platforms. Users are advised to avoid interaction, as the crypto drainer kit poses a high risk of irreversible financial loss. While immediate blocking mitigates exposure, the domain’s recent creation and utilization of reputable hosting services (Cloudflare) suggest ongoing evolution in tactics. Remaining risk is elevated due to the drainer’s ability to bypass some detection mechanisms, emphasizing the need for user vigilance and real-time threat intelligence updates.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.50.34

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["OpenPhish", "PhishingArmy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c2104e6e-e82e-4eb8-9566-1056120534fb
- PhishDestroy: https://phishdestroy.io/domain/pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-e77880c5e4cd44a1b71fa0360befe319.r2.dev/

Last updated: 2026-03-27