# browser--wallet-extension.pages.dev — MALICIOUS

> browser--wallet-extension.pages.dev is linked to crypto draining schemes. Stay informed and avoid risks by learning more at PhishDestroy.

## Summary
PhishDestroy identifies browser--wallet-extension.pages.dev as a high-risk crypto drainer, a type of threat that aims to steal cryptocurrency by tricking users into revealing wallet credentials. Such attacks can lead to irreversible financial loss and compromise of personal digital assets.

This domain, created in February 2026 and registered through Cloudflare, has been flagged for social engineering by Google Safe Browsing and appears on multiple security blocklists. VirusTotal analysis shows significant detection among security vendors. The site has since been taken offline, limiting immediate risk but serving as a warning about similar schemes.

Users are strongly advised to avoid interacting with this domain or any suspicious wallet extension sites. Always verify sources before entering sensitive data and use trusted wallets and security tools. Staying vigilant helps protect against evolving crypto theft methods.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.182
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["isabel.ns.cloudflare.com", "jack.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a3203-bed4-747e-b2c5-563126d072c9.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e0a00349-064e-4dd1-afae-5a3ffeb995be
- PhishDestroy: https://phishdestroy.io/domain/browser--wallet-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/browser--wallet-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/browser--wallet-extension.pages.dev/
Last updated: 2026-03-19