# connect-upheld-wallet-eng.pages.dev — SUSPICIOUS > Domain connect-upheld-wallet-eng.pages.dev hosts an active crypto drainer kit with 0/95 VirusTotal detections. Check your wallet connections immediately. ## Summary PhishDestroy identifies the domain connect-upheld-wallet-eng.pages.dev as an active crypto drainer campaign using a seed identifier bc4ebc. This infrastructure impersonates wallet connection portals, likely targeting cryptocurrency users under the guise of legitimate wallet services. The campaign employs a crypto drainer kit designed to siphon digital assets from victim wallets upon authorization, a technique increasingly prevalent in web3 threat landscapes. While no specific brand impersonation has been confirmed at this stage, the use of a drainer kit suggests the threat actor is leveraging deceptive wallet connection flows to execute unauthorized transactions. Technical indicators associated with this domain reveal a sophisticated setup with minimal current detection. The domain resolves to IP address 188.114.96.3 and was registered through Cloudflare, Inc., utilizing Cloudflare Pages for hosting. The SSL certificate is issued by Google Trust Services, adding a layer of legitimacy to the infrastructure. As of the latest scan, VirusTotal reports 0 detections out of 95 engines, indicating the domain has not yet been widely flagged. This low detection rate highlights the stealthy nature of the campaign and the potential for rapid expansion before security layers catch up. The campaign status remains active, with no confirmed blocks at this time. Immediate response actions include blocking the domain and IP at network and endpoint levels, as well as flagging the SSL certificate for revocation where possible. The remaining risk is assessed as high due to the combination of low detection rates, use of reputable hosting and SSL providers, and the active nature of the drainer kit deployment. Users are advised to scrutinize wallet connection requests, verify domain legitimacy, and monitor transaction histories for unauthorized activity. Proactive threat hunting and IOC sharing are critical to mitigating the spread of this campaign before it escalates further. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/397a3a2a-72be-43b2-9968-1e1e57222b84 - PhishDestroy: https://phishdestroy.io/domain/connect-upheld-wallet-eng.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/connect-upheld-wallet-eng.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connect-upheld-wallet-eng.pages.dev/ Last updated: 2026-03-26