# ph-omt-swalet.pages.dev — SUSPICIOUS > Domain ph-omt-swalet.pages.dev hosts social engineering content, 0/95 VirusTotal detections, blocked by MetaMask. Check the full report. ## Summary PhishDestroy identifies the domain ph-omt-swalet.pages.dev as a currently active social engineering campaign leveraging Cloudflare Pages for hosting. This infrastructure appears designed to impersonate legitimate services, likely aiming to harvest user credentials or sensitive data through deceptive web interfaces. The domain does not exhibit technical indicators commonly associated with drainer kits, such as obfuscated JavaScript or cryptocurrency transaction interception, suggesting reliance on basic phishing lures instead. Based on observed behavior and misaligned branding elements, the threat actor's objective appears to align with credential harvesting or malware distribution rather than financial theft via specialized scripts. This domain was flagged during routine monitoring with a VirusTotal detection score of 0 out of 95 engines, indicating it remains under the radar of most antivirus solutions. The domain resolves to IP address 172.66.44.159 and is registered through Cloudflare, Inc., leveraging Google Trust Services for SSL certificates. The domain was created recently and has been flagged by Google Safe Browsing under the category SOCIAL_ENGINEERING. It appears on one additional security blocklist and is already blocked by MetaMask, suggesting early-stage takedown efforts may already be in progress. As of this advisory, the domain remains active despite initial defensive measures, with a current risk level classified as under investigation. Response actions are likely focused on further analysis and potential takedown coordination with Cloudflare and hosting providers. While no immediate financial threat is evident, the domain's potential for escalation into more sophisticated attacks remains a concern. Users are advised to avoid interaction with this domain and ensure their security tools are updated to detect similar emerging threats. The remaining risk is moderate given the lack of widespread detection and the domain's reliance on basic social engineering tactics. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.159 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b35f0e82-e174-4e9a-9528-441334d054e1 - PhishDestroy: https://phishdestroy.io/domain/ph-omt-swalet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ph-omt-swalet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ph-omt-swalet.pages.dev/ Last updated: 2026-03-25