# doc-phntomus-wallet.pages.dev — MALICIOUS

> Avoid doc-phntomus-wallet.pages.dev—a high-risk crypto drainer flagged for phishing. Do not enter wallet info or personal data.

## Summary
PhishDestroy has identified doc-phntomus-wallet.pages.dev as a dangerous crypto drainer domain. This site poses a high threat to users by attempting to steal cryptocurrency assets through deceptive tactics. Marked with Google Safe Browsing’s SOCIAL_ENGINEERING tag and listed on multiple security blocklists, it represents a significant risk for anyone involved with digital wallets.

This phishing domain operates by mimicking legitimate crypto wallet platforms, tricking users into providing private keys or seed phrases. Once entered, attackers gain unauthorized access to victims’ wallets, draining their funds. The site was registered via Cloudflare, Inc. in early 2026 but is now offline following detection and takedown efforts. Despite being inactive, its previous activity warns users to remain cautious of similar scams.

If you have visited doc-phntomus-wallet.pages.dev, immediately check your wallet for unauthorized transactions. Revoke any wallet permissions granted and transfer remaining funds to a new secure wallet. Change passwords and enable two-factor authentication where possible. Reporting the incident to your wallet provider or relevant authorities can help prevent further losses. Staying vigilant against such phishing attempts is essential to protect your crypto assets.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.99
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["arushi.ns.cloudflare.com", "denver.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a2a8c-bab9-701e-8b02-f89123ef29c3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0ae04251-381b-4a2e-a0f1-59d8e772c8f3
- PhishDestroy: https://phishdestroy.io/domain/doc-phntomus-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/doc-phntomus-wallet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doc-phntomus-wallet.pages.dev/
Last updated: 2026-03-19