# search-phntm-wlt.pages.dev — SUSPICIOUS

> search-phntm-wlt.pages.dev is flagged for possible phishing. Exercise caution and avoid sharing personal info until further investigation completes.

## Summary
PhishDestroy identifies search-phntm-wlt.pages.dev as a domain currently under investigation for phishing activities. While no antivirus or security vendors have flagged this domain yet, the nature of its registration and hosting through Cloudflare, Inc., along with its suspicious subdomain pattern, raises concerns about potential malicious intent. Users should remain vigilant as phishing sites often mimic legitimate services to deceive visitors.

This phishing attempt likely operates by tricking users into believing they are interacting with a trustworthy website. The domain's structure and naming convention suggest it may impersonate a wallet or search-related service, aiming to harvest sensitive information such as login credentials, financial data, or personal identification details. The domain resolves to an IP address associated with Cloudflare, which can sometimes be used to mask the true origin of the malicious server.

If a user has visited search-phntm-wlt.pages.dev, PhishDestroy recommends refraining from entering any personal or financial information. Users should immediately clear their browser cache and cookies, run a comprehensive malware scan on their device, and monitor their accounts for any suspicious activity. Changing passwords for related accounts and enabling two-factor authentication can further reduce potential damage. Staying informed and cautious is crucial while this domain remains active and under investigation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-09 01:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.136
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: mckenzie.ns.cloudflare.com todd.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ChainPatrol", "Fortinet", "Phishing Database"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccffa-7f25-77b5-b0d0-d75d87ba9efd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7b8fda55-36e6-479a-800e-bb784079a5e6
- Wayback Machine: https://web.archive.org/web/https://search-phntm-wlt.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/search-phntm-wlt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/search-phntm-wlt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/search-phntm-wlt.pages.dev/
Last updated: 2026-03-19