# phantoms-us.pages.dev — MALICIOUS

> Warning: phantoms-us.pages.dev is flagged for phishing and social engineering. Avoid interaction; the site is now offline.

## Summary
PhishDestroy identifies phantoms-us.pages.dev as a high-risk generic phishing domain designed to deceive users and steal sensitive information. The domain was flagged for social engineering tactics commonly used in phishing attacks.

Supporting intelligence reveals the domain was registered through Cloudflare, Inc. and created recently on February 21, 2026. It appears on three separate security blocklists and is flagged by 15 out of 95 VirusTotal security vendors, underscoring its malicious intent and potential danger to users.

Users are advised to avoid any interaction with phantoms-us.pages.dev. Fortunately, the domain is currently offline, reducing immediate risk. Continuous monitoring and blocking of this domain are recommended to prevent exposure to phishing scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Phantom
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.191
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["rosemary.ns.cloudflare.com", "terry.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a2c0e-f950-714e-b807-fa3b61451196.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/45c330a4-7dca-4d11-a772-4a4bc8bfb9f7
- PhishDestroy: https://phishdestroy.io/domain/phantoms-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/phantoms-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantoms-us.pages.dev/
Last updated: 2026-03-19