# wpteamcdn.beer — MALICIOUS

> PhishDestroy identifies wpteamcdn.beer as a live crypto drainer phishing domain with 13/95 VirusTotal detections. Never enter wallet credentials here.

## Summary
PhishDestroy identifies wpteamcdn.beer as an active crypto drainer phishing domain designed to steal cryptocurrency wallet credentials and initiate unauthorized transfers. This domain mimics legitimate WordPress content delivery networks to deceive users into entering sensitive wallet information or downloading malicious scripts. Upon further analysis, PhishDestroy confirmed this domain resolves to IP address 178.16.52.101 and utilizes a Let’s Encrypt SSL certificate to appear trustworthy. The domain was registered through Dynadot Inc on March 25, 2026, and has already been flagged by 13 out of 95 VirusTotal security vendors, indicating elevated malicious activity.  This domain exhibits multiple red flags consistent with active phishing operations. The registration date is highly suspicious—only days old at the time of analysis—suggesting a rapid deployment tactic to avoid detection. The use of Dynadot Inc as the registrar and Let’s Encrypt for SSL certificates are common tactics among threat actors seeking to exploit trust indicators. The IP address 178.16.52.101 has no legitimate association with WordPress or CDN services, further confirming its malicious intent. With 13/95 VirusTotal detections, the domain remains partially undetected by security tools, increasing the risk of successful user compromise. Given the domain’s age and rapid deployment, it is likely part of a larger campaign targeting cryptocurrency users under the guise of legitimate service updates.  Users who have visited wpteamcdn.beer should immediately assess their cryptocurrency wallets for unauthorized transactions. Disconnect any affected devices from the internet and scan for malware using reputable antivirus software. Revoke any session tokens or API keys exposed during the visit. Report the domain to PhishDestroy for further analysis and consider rotating wallet credentials if credentials were entered. Stay vigilant for follow-up phishing attempts, as threat actors often leverage compromised sessions for additional attacks. Monitor financial accounts closely and report suspicious activity to relevant authorities. For continued safety, verify all links and domains using PhishDestroy’s real-time threat intelligence before interacting.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-25 08:57:58
- Registrar: Dynadot Inc
- IP: 178.16.52.101

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/86f98392-7eec-484a-a985-438b7c78f924
- PhishDestroy: https://phishdestroy.io/domain/wpteamcdn.beer/
- LLM endpoint: https://phishdestroy.io/domain/wpteamcdn.beer/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wpteamcdn.beer/
Last updated: 2026-03-26