# rootinge.ukwest.cloudapp.azure.com — MALICIOUS

> rootinge.ukwest.cloudapp.azure.com is a crypto drainer posing as a login portal. VirusTotal flags 6/95 vendors. Verify safety on PhishDestroy immediately.

## Summary

PhishDestroy identifies rootinge.ukwest.cloudapp.azure.com as an active crypto drainer domain designed to trick users into connecting cryptocurrency wallets under the guise of a legitimate login portal. This domain employs social engineering tactics to deceive visitors into authorizing malicious transactions, resulting in direct financial losses. The infrastructure behind this threat leverages cloud hosting on Microsoft Azure to maintain accessibility while evading detection, making it a persistent risk for unsuspecting users.

This domain has been flagged by multiple security vendors, with VirusTotal reporting detections from 6 out of 95 security engines. It is also blacklisted by Google Safe Browsing under the SOCIAL_ENGINEERING category, indicating confirmed malicious activity. The domain was registered through MarkMonitor, Inc., a well-known registrar often exploited by threat actors for anonymity, and traces back to an unusually early creation date of October 25, 1994—likely an artifact of domain squatting or historical registration manipulation. Resolving to IP 51.11.110.216, this infrastructure has been linked to fraudulent activities targeting cryptocurrency users.

Users who have visited rootinge.ukwest.cloudapp.azure.com should immediately cease any wallet connections or transaction authorizations tied to this domain. Disconnect any connected wallets from your browser or device, revoke any unauthorized permissions via your wallet’s security settings, and scan your system for potential malware or browser extensions that may have facilitated this interaction. Report the domain to PhishDestroy and your cryptocurrency platform’s fraud team to prevent further exploitation.
Exercise heightened caution with unsolicited links, especially those prompting wallet connections, and verify URLs through trusted sources before engaging.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 1994-10-25 04:00:00
- Registrar: MarkMonitor, Inc.
- IP: 51.11.110.216

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a86dac91-9e8d-42e0-b9ac-50159047d77d
- PhishDestroy: https://phishdestroy.io/domain/rootinge.ukwest.cloudapp.azure.com/
- LLM endpoint: https://phishdestroy.io/domain/rootinge.ukwest.cloudapp.azure.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rootinge.ukwest.cloudapp.azure.com/

Last updated: 2026-03-22