# ei-phantom.pages.dev — MALICIOUS

> ei-phantom.pages.dev is a high-risk phishing domain impersonating Phantom. Stay protected by avoiding this site flagged for social engineering.

## Summary

PhishDestroy identifies ei-phantom.pages.dev as a high-risk phishing domain engaged in brand impersonation of Phantom. The domain was designed to deceive users by mimicking Phantom’s identity, posing a significant risk of social engineering attacks. This malicious activity threatens user credentials and sensitive information, necessitating caution and awareness among potential targets.

This domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.44.167. It has been flagged by Google Safe Browsing for social engineering, and VirusTotal reports 13 out of 95 security vendors detecting malicious content associated with it. Additionally, the domain appears on three separate security blocklists. The site’s page title “Suspected phishing site | Cloudflare” further confirms its illicit purpose and hosting infrastructure.

Currently, ei-phantom.pages.dev has been taken offline, mitigating immediate threats. PhishDestroy recommends continued monitoring for similar domains impersonating Phantom and advises users and organizations to maintain up-to-date security solutions and exercise caution when encountering suspicious links. Reporting such domains promptly aids in disrupting phishing campaigns and protecting the wider community.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Phantom
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.167
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["lloyd.ns.cloudflare.com", "arushi.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 13 vendors flagged
  - Vendors: ["ChainPatrol", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Netcraft", "Trustwave", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0199fa18-047f-71e8-860d-4f3e7345420a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e870c8c3-317e-4c7a-bb3a-262584a7d125
- PhishDestroy: https://phishdestroy.io/domain/ei-phantom.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ei-phantom.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ei-phantom.pages.dev/
Last updated: 2026-03-19