# appkit-web-wallet.pages.dev — SUSPICIOUS

> Active crypto drainer hosted on appkit-web-wallet.pages.dev, impersonating a web wallet. Resolves to IP 172.66.47.147.

## Summary

PhishDestroy identifies appkit-web-wallet.pages.dev as an active crypto drainer masquerading as a web wallet service. The domain is part of a campaign leveraging Cloudflare Pages to deploy a malicious drainer kit designed to steal cryptocurrency assets from unsuspecting users. The threat actor behind this infrastructure employs deceptive domain names and SSL certificates from trusted providers like Google Trust Services to lend credibility to their fraudulent site. The drainer kit, identified under seed 7fdbc0, is engineered to intercept and divert cryptocurrency transactions to attacker-controlled wallets, posing a significant risk to users interacting with web-based wallet services.

This domain resolves to IP address 172.66.47.147 and is registered through Cloudflare, Inc., utilizing Cloudflare Pages for hosting. VirusTotal currently shows 0 detections out of 95 scanners, indicating a low detection rate despite its malicious intent. The SSL certificate is issued by Google Trust Services, which may further deceive users into trusting the fraudulent site. The domain’s infrastructure is designed to evade early detection, relying on legitimate-looking infrastructure to bypass security measures. Given the lack of blocklist entries and the absence of detections on VirusTotal, this domain remains a high-risk threat with potential for widespread abuse.

The domain appkit-web-wallet.pages.dev is currently active and under investigation by threat intelligence teams. Immediate response actions include blacklisting the domain and its associated IP, and updating security controls to block access. Users are advised to avoid interacting with this domain or any services linked to it, particularly those requesting cryptocurrency transactions or wallet connections. The remaining risk is high due to the domain’s low detection rate and the use of trusted infrastructure. Continuous monitoring and proactive threat hunting are recommended to mitigate the impact of this campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.147

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/appkit-web-wallet.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/appkit-web-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/appkit-web-wallet.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/appkit-web-wallet.pages.dev/

Last updated: 2026-04-09