# atomicwllet.webflow.io — MALICIOUS

> PhishDestroy identifies atomicwllet.webflow.io as a cryptocurrency wallet drainer targeting Atomic Wallet users. 18/95 vendors flagged this domain.

## Summary
PhishDestroy identifies atomicwllet.webflow.io as an active cryptocurrency wallet drainer impersonating Atomic Wallet, a widely used cryptocurrency storage platform. This fraudulent domain employs a visually sophisticated webflow.io-hosted interface designed to deceive users into entering sensitive wallet recovery phrases or private keys under the guise of wallet migration or security update processes. The threat actor leverages social engineering tactics to exploit trust in the Atomic Wallet brand while executing unauthorized fund transfers through cryptocurrency drainer scripts embedded in the landing page.  This domain exhibits multiple indicators of compromise that align with advanced phishing campaigns targeting blockchain assets. VirusTotal analysis confirms detection by 18 out of 95 security vendors, with the domain resolving to IP address 104.18.36.248. The SSL certificate is issued by Google Trust Services, adding a superficial layer of legitimacy. While the exact creation date and registrar details remain unverified in public databases, this infrastructure actively hosts malicious content designed for credential harvesting and private key compromise. The presence of cryptocurrency-specific drainer tooling suggests this is not a generic phishing operation but a targeted campaign against digital asset holders.  As of current analysis, atomicwllet.webflow.io remains in active status, with PhishDestroy tracking continued operation despite security vendor detection. The elevated risk level reflects the domain's confirmed malicious functionality in harvesting cryptocurrency wallet credentials. Immediate remediation requires blocking the IP range 104.18.36.0/24 at network security controls, flagging the domain in organizational threat intelligence platforms, and warning end users about this specific impersonation tactic. While takedown procedures may eventually remove the domain, the persistence of similar campaigns indicates permanent vigilance is required in cryptocurrency wallet security protocols. All users should verify website URLs through official Atomic Wallet channels before entering any sensitive information.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2d33687b-7823-4e3c-93fd-b6c8d714e38c
- PhishDestroy: https://phishdestroy.io/domain/atomicwllet.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/atomicwllet.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/atomicwllet.webflow.io/
Last updated: 2026-03-29