# coldwallet-landing-page.pages.dev — SUSPICIOUS

> Investigating coldwallet-landing-page.pages.dev — active Crypto-Drainer phishing campaign. Check the full report.

## Summary
PhishDestroy identifies coldwallet-landing-page.pages.dev as a live crypto-drainer phishing campaign deploying deceptive landing pages to trick users into connecting wallets and siphoning cryptocurrency. The domain is currently active and under active monitoring as of the latest threat intelligence update using seed de467a.

This domain was flagged by 0 of 95 VirusTotal vendors, operates via Cloudflare, Inc., and resolves to IP 172.66.46.230. It holds an SSL certificate issued by Google Trust Services and is hosted on Pages.dev infrastructure. The domain currently shows zero blocklist entries and maintains strong trust and reputational scores, though the specific threat type remains under formal classification pending further behavioral analysis.

Security teams and users are advised to block coldwallet-landing-page.pages.dev at the network and endpoint levels. Exercise caution when interacting with Pages.dev-hosted crypto wallet landing pages, especially those offering cold wallet interactions or rewards. Monitor outbound connections to IP 172.66.46.230 and flag any unsolicited wallet connection prompts. Implement email and web filtering rules to block domains associated with crypto-drainer campaigns and conduct user awareness training to recognize deceptive wallet connection pages.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.230

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/coldwallet-landing-page.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/coldwallet-landing-page.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coldwallet-landing-page.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coldwallet-landing-page.pages.dev/
Last updated: 2026-04-04