# arcpay-xyz.netlify.app — SUSPICIOUS

> arcpay-xyz.netlify.app hosts a crypto-draining phishing kit mimicking ArcPay. VirusTotal shows 0/95 detections—do NOT connect wallet. Block immediately.

## Summary
PhishDestroy identifies arcpay-xyz.netlify.app as an active crypto drainer impersonating the legitimate ArcPay brand. The landing page employs a spoofed wallet-connect flow to trick victims into signing malicious transactions that drain cryptocurrency holdings. Analysis of the page source reveals the use of a recently updated drainer kit with obfuscated JavaScript that intercepts wallet signatures and exfiltrates private keys or transaction authorization payloads to attacker-controlled endpoints. The domain leverages Netlify’s static hosting to evade traditional web-server takedowns, while the spoofed interface closely mirrors ArcPay’s branding to maximize credibility and victim engagement.


Technical indicators confirm elevated risk. VirusTotal currently scores this site 0/95 detections, indicating no AV or sandbox signatures yet. The domain was registered through Netlify’s hosting platform and resolves to IP 35.157.26.135. Historical WHOIS data shows a recent creation date within the last 30 days, and Google Safe Browsing (GSB) has not yet flagged the page. Third-party threat-intel aggregators list this domain on zero public blocklists, highlighting its novelty and the need for proactive blocking.


Current status is active with ongoing distribution via social engineering and phishing campaigns. Immediate containment actions include DNS sinkholing, Netlify abuse-report filing, and enterprise blocklisting via DNS and endpoint controls. Despite these efforts, the risk remains medium due to the drainer kit’s ability to bypass initial signature checks and the absence of AV coverage. Users should avoid visiting arcpay-xyz.netlify.app and verify any ArcPay-related links against official channels before interacting with wallet prompts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Netlify
- IP: 35.157.26.135

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/arcpay-xyz.netlify.app
- PhishDestroy: https://phishdestroy.io/domain/arcpay-xyz.netlify.app/
- LLM endpoint: https://phishdestroy.io/domain/arcpay-xyz.netlify.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/arcpay-xyz.netlify.app/
Last updated: 2026-04-06