# en-doc--atomicwallet.webflow.io — MALICIOUS > Atomicwallet.webflow.io domain linked to a live crypto drainer targeting Atomic Wallet users. 16/95 VT detections. Check the full report. ## Summary en-doc--atomicwallet.webflow.io has been flagged as an active crypto-draining domain masquerading as Atomic Wallet’s official site. The campaign leverages a convincing fake page hosted on Webflow to trick victims into connecting wallets and authorizing malicious token transfers. With an elevated risk rating, this domain poses an immediate threat to cryptocurrency users who may unwittingly surrender control of their digital assets. PhishDestroy identifies the seed edc160 as the unique campaign marker for this drainer operation. This domain resolves to IP address 104.18.36.248 and is currently detected by 16 out of 95 VirusTotal security vendors. The infrastructure relies on Google Trust Services for SSL encryption, lending a false sense of legitimacy to its phishing pages. Its Webflow hosting platform adds another layer of obfuscation, making it harder for users to instantly recognize the threat. While creation details remain obscured by the platform’s privacy settings, the current blocklist status and high detection rate underscore the severity of the risk it presents to potential victims. To mitigate exposure to this drainer, users should avoid clicking links from unsolicited messages or unfamiliar domains. Always verify URLs against official sources and use hardware wallets or transaction simulation tools before authorizing transfers. Organizations are advised to block both the domain and IP 104.18.36.248 at the network perimeter and update browser-based blocklists. Report any suspicious interactions involving this domain or its seed edc160 for further threat hunting. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/en-doc--atomicwallet.webflow.io - PhishDestroy: https://phishdestroy.io/domain/en-doc--atomicwallet.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/en-doc--atomicwallet.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-doc--atomicwallet.webflow.io/ Last updated: 2026-04-09