# phantom--wallet-en.pages.dev — MALICIOUS

> Phantom--wallet-en.pages.dev is flagged for crypto draining and social engineering. Avoid interaction; the domain is currently offline for safety.

## Summary

PhishDestroy identifies phantom--wallet-en.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency assets through deceptive tactics. Initially registered on February 21, 2026, the domain impersonates legitimate wallet services to lure unsuspecting users into compromising their private keys or seed phrases. Classified primarily as a social engineering threat, its primary objective is asset theft within the crypto ecosystem.

Technical indicators reveal that the domain was registered via Cloudflare, Inc., leveraging their infrastructure for anonymity and resilience. It appears on three distinct security blocklists and is flagged by 14 out of 95 antivirus engines on VirusTotal, reinforcing its malicious nature. Additionally, Google Safe Browsing categorizes it under social engineering, which highlights its use of manipulative schemes to trick users into unsafe actions. The double hyphen in the domain name is a common tactic to mimic reputable services while evading simple detection.

Currently, phantom--wallet-en.pages.dev is offline and inaccessible, a critical step in mitigating user exposure to its threats. Blocking and monitoring this domain is recommended for all users and organizations involved in cryptocurrency transactions. Continued vigilance and real-time intelligence sharing will help prevent future reappearances or variant campaigns exploiting similar naming conventions.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Phantom
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.89
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sri.ns.cloudflare.com", "bristol.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 14 vendors flagged
  - Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019a8417-3a92-70fb-8fa3-1175bd8c4908.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bce3870d-659d-4a79-8d94-d60c7d160bbf
- PhishDestroy: https://phishdestroy.io/domain/phantom--wallet-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/phantom--wallet-en.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/phantom--wallet-en.pages.dev/

Last updated: 2026-03-19