# airdrop-walletconnect.pages.dev — MALICIOUS — Crypto Drainer (Wallet Connect Abuse) > PhishDestroy identifies airdrop-walletconnect.pages.dev as a live crypto-drain site. This WalletConnect-branded phishing page hides a drainer kit that has. ## Summary PhishDestroy independently confirms that airdrop-walletconnect.pages.dev is an active crypto-draining phishing site targeting WalletConnect users. The page presents itself as an airdrop portal but embeds the WalletConnect Abuse drainer kit designed to steal private keys and tokens. Browser wallet extensions, including MetaMask and ScamSniffer, already flag and block this domain, indicating widespread recognition of its malicious nature. Technical indicators place this domain squarely in the high-risk category. VirusTotal reports that 15 out of 95 security vendors flag airdrop-walletconnect.pages.dev, while PhishDestroy’s own analysis shows the site sits on three independent blocklists. The domain is registered through Cloudflare, Inc. and resolves to IP address 172.66.47.27. The SSL certificate is issued by Google Trust Services, giving it an air of legitimacy. Registration via a major CDN masks hosting details while facilitating rapid takedown evasion. As of today, airdrop-walletconnect.pages.dev remains accessible to unprotected users despite multiple vendor detections. PhishDestroy has escalated the threat to ‘active’ status and is coordinating with hosting providers and security platforms for aggressive takedown. The combination of a WalletConnect brand impersonation, live drainer kit deployment, and partial detection creates a high-risk scenario where inexperienced users risk irreversible cryptocurrency losses. Until full takedown occurs, PhishDestroy recommends immediate browser-level blocking and wallet-scanning for anyone who may have visited the domain. ## Threat Details - Verdict: MALICIOUS — Crypto Drainer (Wallet Connect Abuse) - Site status: unknown (HTTP ?) - Drainer type: Wallet Connect Abuse - Target brand: WalletConnect ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.27 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["MetaMask", "ScamSniffer", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0308548f-a89b-46f1-aa95-b853d235d1e1 - PhishDestroy: https://phishdestroy.io/domain/airdrop-walletconnect.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/airdrop-walletconnect.pages.dev/llm.txt ## If You Visited This Site 1. Revoke all token approvals immediately (revoke.cash / unrekt.net) 2. Move remaining funds to a new wallet 3. Do not interact with any transactions from this site 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/airdrop-walletconnect.pages.dev/ Last updated: 2026-03-28