# attomicwallettu.webflow.io — MALICIOUS > PhishDestroy identifies attomicwallettu.webflow.io as an active crypto drainer. 18/95 VirusTotal detections confirm risk. Check the full report. ## Summary PhishDestroy identifies attomicwallettu.webflow.io as an active cryptocurrency drainer impersonating Atomic Wallet infrastructure. The domain leverages a Webflow-hosted landing page to deceive victims into connecting wallets and signing malicious transactions that silently drain balances. Historically, drainer kits such as these harvest private keys or prompt fraudulent signature requests that authorize token transfers to attacker-controlled addresses. While no specific kit fingerprint is publicly available for this seed, the infrastructure aligns with recent campaigns targeting desktop and mobile wallet users through fake wallet update prompts and fraudulent swap interfaces. This domain was flagged with an elevated risk level due to clear drainer functionality and broad detection from leading security vendors. Technical indicators include resolution to IP 104.18.36.248, an SSL certificate issued by Google Trust Services, and a VirusTotal detection score of 18/95 as of the latest scan. The domain is hosted on Webflow’s platform and resolves through Cloudflare’s infrastructure. Although the exact creation date is not publicly disclosed via WHOIS, passive DNS suggests recent deployment consistent with active drainer operations. The domain remains unblocked by Google Safe Browsing (GSB) and has not been widely listed on public blocklists, increasing exposure to potential victims. As of today, the domain is active and continues to operate without takedown intervention. PhishDestroy assesses the current risk as elevated due to the combination of high detection rate, modern hosting, and SSL certificate legitimacy which enhances phishing credibility. Immediate action is recommended for users who may have interacted with this domain: revoke any wallet connections made via the site, transfer remaining assets to a clean wallet, and perform a full device scan. Users are advised to verify wallet URLs via official Atomic Wallet channels and enable hardware wallet signing for enhanced security. The domain remains a high-priority threat requiring coordinated response from hosting providers and security vendors to prevent further exploitation. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 18 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2ab9c9cd-6379-441a-9422-aa0c1405eab2 - PhishDestroy: https://phishdestroy.io/domain/attomicwallettu.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/attomicwallettu.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/attomicwallettu.webflow.io/ Last updated: 2026-03-29