# pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev — MALICIOUS

> PhishDestroy identifies pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev as a cryptocurrency drainer domain flagged by 16 of 95 VirusTotal vendors.

## Summary

PhishDestroy identifies the domain pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev as a cryptocurrency drainer currently active and engaged in malicious operations. This domain is designed to deceive users into connecting their cryptocurrency wallets, enabling unauthorized fund transfers and asset theft. The threat is classified as high-risk due to its operational status and the specific intent to drain digital assets from unsuspecting victims.

This domain was flagged by 16 out of 95 VirusTotal security vendors, indicating significant malicious intent. It resolves to the IP address 104.18.50.34 and is secured with a Let's Encrypt SSL certificate. The domain is blocked by three major security blocklists, including OpenPhish, PhishingArmy, and OISD, underscoring its widespread recognition as a threat. The IP address has a low trust score, further highlighting its association with malicious activities. While the specific registrar and creation date are not provided, the combination of these indicators paints a clear picture of a well-established malicious domain.

The domain pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev remains active and poses a severe risk to users, particularly those involved in cryptocurrency transactions. Immediate action is required to mitigate potential damage. Users are advised to block this domain at the network level and avoid any interaction with it. Organizations should update their firewall rules and security policies to include this domain in their threat intelligence feeds. Additionally, users should verify the legitimacy of any unsolicited requests involving cryptocurrency transactions and employ hardware wallets or other secure methods for managing digital assets. Proactive monitoring of network traffic and endpoint security solutions is essential to detect and prevent potential breaches involving this domain.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.50.34

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/22b9be8b-eed5-46f8-8f29-c61fdfd2035b
- PhishDestroy: https://phishdestroy.io/domain/pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-eb03e594738b420c8a34cb7366d9f29b.r2.dev/

Last updated: 2026-03-27