# bifrostwallet.pages.dev — MALICIOUS

> bifrostwallet.pages.dev operates as a crypto drainer with 17/95 VirusTotal detections. Block MetaMask traffic and avoid visiting this domain to prevent fund.

## Summary

PhishDestroy identifies bifrostwallet.pages.dev as an active crypto drainer domain designed to siphon cryptocurrency assets from unwary users. This threat leverages deceptive branding to trick victims into connecting wallets or entering seed phrases, resulting in irreversible fund transfers. The domain mimics legitimate crypto wallet services, specifically targeting users through social engineering tactics such as fake airdrops or urgent transaction alerts. Given the high-risk classification and active status, all users should treat this domain as hostile and immediately block all associated indicators.

This domain exhibits multiple red flags across security platforms. VirusTotal confirms detection by 17 out of 95 security vendors, while Google Safe Browsing classifies it under SOCIAL_ENGINEERING. The domain is registered via Cloudflare, Inc. and resolves to IP 172.66.44.95, which is associated with malicious hosting infrastructure. Additionally, the domain appears on 1 security blocklist and is flagged by MetaMask. The SSL certificate, issued by Google Trust Services, adds a false sense of legitimacy, though it does not mitigate the underlying malicious intent. These combined factors elevate the risk profile significantly, warranting immediate defensive action.

Mitigation against crypto drainers like bifrostwallet.pages.dev requires a multi-layered approach. Users must avoid interacting with the domain entirely, including clicking links or downloading files. Organizations should block the domain and IP (172.66.44.95) at the network perimeter and update endpoint protections to detect wallet-draining behaviors. Security teams should also monitor for connections to this domain in proxy logs or DNS queries.
For individuals, enabling wallet protection features (e.g., transaction simulation) and never entering seed phrases on untrusted sites are critical steps. Immediate reporting to wallet providers (e.g., MetaMask) and security teams can help disrupt further campaigns.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.95

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hit
  Lists: ["MetaMask"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f050cf5a-02d0-4d17-a36b-772d994dda83
- PhishDestroy: https://phishdestroy.io/domain/bifrostwallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bifrostwallet.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bifrostwallet.pages.dev/

Last updated: 2026-03-30