# abra-xas-wallet-access.pages.dev — SUSPICIOUS

> abra-xas-wallet-access.pages.dev is a live crypto drainer posing as a wallet access portal. It uses a Google Trust Services SSL cert and resolves to IP 188.114.

## Summary
PhishDestroy identifies abra-xas-wallet-access.pages.dev as an active crypto drainer campaign leveraging a spoofed wallet access interface. The domain is designed to trick victims into connecting cryptocurrency wallets, enabling unauthorized asset transfers via a malicious drainer kit. The threat actor impersonates legitimate wallet services to deceive users into granting permissions, with observed payloads targeting Ethereum and Solana ecosystems. Seed hash 6e221d correlates this domain with prior drainer infrastructure.


Technical indicators confirm this domain is weaponized: VirusTotal shows 0/95 detections despite active abuse, the domain resolves to Cloudflare-hosted IP 188.114.96.3 under Cloudflare, Inc. registrar, and utilizes a Google Trust Services SSL certificate for added credibility. While Google Safe Browsing (GSB) status remains unflagged, the absence of detections highlights evasion tactics. The domain’s recent activation and low VT score suggest it is part of a rapidly evolving campaign.


Current status is active with ongoing redirection attempts observed. Immediate containment requires blocking the domain at DNS/network level and flagging the IP 188.114.96.3 in perimeter defenses. Users should avoid interacting with this domain entirely and report any suspicious wallet connection prompts. Remaining risk is high due to the drainer’s ability to bypass initial detection layers, emphasizing the need for real-time threat intelligence updates and wallet-level safeguards.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/52d1cc7f-105b-4731-bdf5-9d909bfb2a45
- PhishDestroy: https://phishdestroy.io/domain/abra-xas-wallet-access.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/abra-xas-wallet-access.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/abra-xas-wallet-access.pages.dev/
Last updated: 2026-03-30