# claimcookiefun.pages.dev — SUSPICIOUS > Beware: claimcookiefun.pages.dev is a crypto drainer impersonating trusted brands. Flagged by ScamSniffer, it’s on 1 blocklist with only 2/95 vendors detecting. ## Summary PhishDestroy identifies claimcookiefun.pages.dev as an active crypto drainer domain designed to steal cryptocurrency assets from unsuspecting users. This malicious site masquerades as a legitimate service, luring victims with deceptive offers or fake login portals to drain connected wallets. Security teams have observed this domain actively distributing malicious payloads, particularly targeting users in cryptocurrency transactions or those interacting with decentralized finance (DeFi) platforms. The threat actor behind this campaign employs social engineering tactics, such as fake giveaways or urgent alerts, to prompt victims into connecting their wallets to fraudulent smart contracts. Once connected, the drainer exfiltrates funds without the user’s consent, often resulting in irreversible financial losses. Technical analysis reveals that this domain is part of a broader infrastructure used to harvest credentials and private keys, making it a high-risk threat to both individuals and organizations in the crypto space. This domain was flagged by ScamSniffer and appears on 1 security blocklist, indicating its malicious reputation among threat intelligence platforms. Registered through Cloudflare, Inc., the domain resolves to IP address 172.66.44.210 and utilizes a valid SSL certificate issued by Google Trust Services, which may help it evade detection by appearing legitimate. VirusTotal analysis shows that only 2 out of 95 security vendors have flagged this domain, highlighting the challenges in detection due to its use of trusted infrastructure and evasion techniques. The domain’s infrastructure is likely designed to rotate quickly, making it difficult for traditional security measures to keep pace. Analysts note that the domain’s behavior aligns with known crypto drainer campaigns, which often exploit the anonymity and irreversible nature of blockchain transactions to maximize their impact. If you or your organization has interacted with claimcookiefun.pages.dev, immediate action is required to mitigate potential risks. Disconnect any connected cryptocurrency wallets from the domain and revoke any unauthorized smart contract approvals through your wallet interface. Users should also scan their devices for malware or unauthorized browser extensions that may have been installed during the interaction. Report the domain to PhishDestroy and relevant threat intelligence platforms to help block its future use. Additionally, consider rotating private keys or using hardware wallets for enhanced security. Organizations should review network logs for any signs of compromise and educate users about the risks of interacting with unverified domains. Proactive monitoring of blockchain transactions for unusual activity is also recommended to detect and respond to potential losses promptly. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.210 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e380926e-a5ac-46b7-a9ac-43bfd56b12cc - PhishDestroy: https://phishdestroy.io/domain/claimcookiefun.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/claimcookiefun.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/claimcookiefun.pages.dev/ Last updated: 2026-04-01