# atomic-wallitextension.webflow.io — MALICIOUS > atomic-wallitextension.webflow.io is a crypto drainer site—19/95 VirusTotal scanners flag it. Avoid this credential theft trap and report it immediately. ## Summary PhishDestroy identifies atomic-wallitextension.webflow.io as an active crypto drainer domain operating under the guise of a legitimate Webflow extension. This domain lures users into connecting cryptocurrency wallets under false pretenses, immediately authorizing malicious transactions to drain funds. The site masquerades as a wallpaper or utility extension but functions as a credential theft tool, specifically targeting blockchain wallet holders. Users who engage with this domain risk irreversible financial loss as soon as wallet permissions are granted. This domain was flagged by 19 out of 95 VirusTotal security vendors, indicating significant malicious activity. Resolving to IP 172.64.151.8 and secured with a Google Trust Services SSL certificate, it leverages legitimate infrastructure to appear credible. Despite the SSL certification, the domain's malicious intent is confirmed by widespread detection across multiple security platforms. Users should verify extension legitimacy before installation and avoid interacting with untrusted Webflow subdomains. If you have visited atomic-wallitextension.webflow.io, disconnect your wallet from any connected sites immediately. Revoke unauthorized permissions via your wallet’s app settings or official platform dashboards. Report the domain to your antivirus provider, browser safety teams, and platform hosts. Enable wallet transaction alerts and use hardware wallets for high-value assets to minimize future risks. Do not reinstall or interact further with this extension. Stay vigilant against brand impersonation and crypto drainer campaigns targeting Webflow users. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 19 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/621a70af-5441-4da3-bc3e-84c25c1f2858 - PhishDestroy: https://phishdestroy.io/domain/atomic-wallitextension.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/atomic-wallitextension.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/atomic-wallitextension.webflow.io/ Last updated: 2026-03-21