# eng-us-exedos-wallat.pages.dev — SUSPICIOUS

> eng-us-exedos-wallat.pages.dev hosts a crypto wallet drainer kit impersonating legitimate services. It has 0/95 VirusTotal detections despite active phishing.

## Summary
PhishDestroy identifies eng-us-exedos-wallat.pages.dev as an active crypto wallet drainer kit impersonating legitimate wallet services. This domain employs a sophisticated fake interface designed to trick users into connecting their wallets, leading to immediate fund extraction. The kit is hosted on Cloudflare Pages, leveraging the reputable platform to evade traditional domain-based detection mechanisms.  

This domain resolves to IP 172.66.47.189 and is registered through Cloudflare, Inc., with a Google Trust Services SSL certificate adding superficial legitimacy. VirusTotal currently reports 0/95 detections, indicating it has not yet been flagged by security vendors despite its malicious nature. The domain's recent deployment and lack of blacklist entries suggest it is in an early operational phase, with threat actors likely testing its efficacy before broader deployment. The absence of detections, combined with its use of a legitimate cloud provider, raises concerns about its potential to evade automated defenses.  

As of the latest assessment, eng-us-exedos-wallat.pages.dev remains active and under investigation, with the risk level categorized as 'under_investigation.' No known blocklist entries or takedown actions have been recorded, leaving users exposed to potential attacks. Immediate recommendations include blocking the domain and IP at the network level, avoiding any interactions with the site, and educating users about the risks of wallet drainer kits. While the current threat is active, the lack of detections and early-stage deployment suggest that proactive measures could mitigate further spread. Remaining risk is moderate to high, contingent on the domain's continued operation and potential expansion to other platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.189

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/eng-us-exedos-wallat.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/eng-us-exedos-wallat.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-us-exedos-wallat.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng-us-exedos-wallat.pages.dev/
Last updated: 2026-04-08