# phantom--wallet-docs.pages.dev — MALICIOUS

> Warning: phantom--wallet-docs.pages.dev is a high-risk crypto drainer flagged for social engineering. Avoid this site to protect your assets.

## Summary
PhishDestroy identifies phantom--wallet-docs.pages.dev as a high-risk crypto drainer designed to steal cryptocurrency assets from unsuspecting users. The domain is flagged for social engineering and appears on multiple security blocklists, indicating it poses a serious threat to anyone interacting with it. Although the site is currently offline, its history and registration details suggest it was actively used for malicious purposes.

This phishing scheme typically works by mimicking legitimate wallet documentation or login portals, tricking victims into entering private keys or seed phrases. The attackers then use this sensitive information to drain victims' crypto wallets. The domain was registered through Cloudflare, Inc. and flagged by 14 security vendors on VirusTotal, reinforcing that it was part of a coordinated fraud attempt. The social engineering tag on Google Safe Browsing highlights its deceptive tactics.

If you have visited phantom--wallet-docs.pages.dev, immediately cease any interactions and do not enter any personal or financial information. Check your crypto wallets for unauthorized transactions and consider moving your funds to a new wallet with fresh keys. Running a full security scan on your devices is recommended to eliminate any malware. Staying informed and cautious is critical to preventing losses from such sophisticated crypto scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Phantom

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.108
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["yoxall.ns.cloudflare.com", "bella.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019addca-ce90-76cc-b271-d79902d7bd6f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/49db6fda-47c8-4521-963e-58ed29e78c4a
- PhishDestroy: https://phishdestroy.io/domain/phantom--wallet-docs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/phantom--wallet-docs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantom--wallet-docs.pages.dev/
Last updated: 2026-03-19