# dwalletdemo.pages.dev — SUSPICIOUS > PhishDestroy flags dwalletdemo.pages.dev as a live crypto drainer site impersonating a wallet. Verify URL safety with PhishDestroy before entering credentials. ## Summary PhishDestroy identifies dwalletdemo.pages.dev as a suspected cryptocurrency drainer domain currently under investigation for active phishing campaigns. The site masquerades as a legitimate wallet interface in an attempt to trick users into connecting their crypto wallets and approve malicious transactions. No specific drainer kit fingerprint has been extracted yet; attribution remains pending further sandbox analysis. The domain leverages Cloudflare Pages to host a spoofed login portal designed to harvest private keys or seed phrases under the guise of a wallet authentication flow. This domain resolves to IP 172.66.44.211 and is served over a Let's Encrypt SSL certificate issued to Cloudflare, Inc. VirusTotal currently reports zero detections across 95 engines as of the latest scan, indicating evasive behavior likely aided by Cloudflare’s infrastructure. The domain was registered anonymously through Cloudflare Registrar and is not currently flagged in Google Safe Browsing (GSB) or any major public blocklists, allowing it to remain accessible. With no historical blocklist presence and zero AV detections, this threat remains under the radar while actively targeting users. As of today, dwalletdemo.pages.dev remains active and unblocked. PhishDestroy has flagged the domain for ongoing monitoring and recommends immediate blocking at the network level. Users are advised to avoid interacting with this domain and verify any wallet-related URLs using PhishDestroy’s real-time scanner. Remaining risk is assessed as moderate due to active status and low detection coverage, requiring urgent signature updates to prevent further compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.211 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/af0ad1fa-4369-40d1-8cad-d158780d1d14 - PhishDestroy: https://phishdestroy.io/domain/dwalletdemo.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/dwalletdemo.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dwalletdemo.pages.dev/ Last updated: 2026-03-28