# pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev — MALICIOUS

> PhishDestroy identifies pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev as a crypto drainer phishing domain. 18 of 95 VirusTotal vendors flagged this site.

## Summary
PhishDestroy identifies pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev as an active crypto drainer phishing domain designed to trick cryptocurrency users into connecting their wallets and unknowingly approving malicious token transfers that silently drain funds.  

This domain was flagged by 18 of 95 VirusTotal security vendors and is currently blocked by multiple intelligence feeds including OpenPhish, PhishingArmy, PhishingDB, and OISD. The domain resolves to IP address 104.18.54.45 and uses a Let's Encrypt SSL certificate to appear legitimate. The domain was registered recently and is hosted on Cloudflare's r2.dev storage service.  

If you visited this site, disconnect your wallet immediately, revoke any unauthorized permissions through your wallet interface, and run a malware scan on your device. Do not interact with any further prompts from this domain. Report the incident to your wallet provider and consider transferring remaining assets to a new wallet with a different seed phrase. Monitor transaction histories closely for signs of unauthorized transfers.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status
- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["OpenPhish", "PhishingArmy", "PhishingDB", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev
- PhishDestroy: https://phishdestroy.io/domain/pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pub-ea66fe1b3c8e4757bafadfb9728b159c.r2.dev/
Last updated: 2026-04-10