# thepandaworld.pages.dev — SUSPICIOUS

> This crypto drainer thepandaworld.pages.dev steals cryptocurrency via browser injection; VirusTotal shows 0/95 detections.

## Summary

PhishDestroy identifies active credential theft infrastructure linked to thepandaworld.pages.dev, a recently launched crypto drainer impersonating popular blockchain tools. This malicious domain prompts users to connect cryptocurrency wallets under the guise of legitimate services, then silently drains digital assets via injected scripts. Initial takedown efforts are delayed because the site hides behind Google Trust Services SSL and Cloudflare’s proxy network, making traffic appear benign to automated scanners.

This domain was flagged by Google Safe Browsing for SOCIAL_ENGINEERING and currently resolves to IP 172.66.44.147 with zero detections on VirusTotal out of 95 engines as of the latest scan. It was registered through Cloudflare, Inc. on an unknown date before April 2025, leveraging a Google-issued SSL certificate to appear trustworthy. The absence of antivirus detection suggests the campaign is still in early deployment, targeting users searching for blockchain utilities or NFT projects.

If you visited thepandaworld.pages.dev, immediately disconnect your wallet, revoke any unauthorized permissions via your wallet’s interface, clear browser cache and cookies, and scan your device with updated antivirus software. Do not interact with wallet connection prompts on this site. Report the domain to your wallet provider and consider rotating private keys if unauthorized transactions occurred. Monitor blockchain addresses for suspicious outflows and alert your exchange if funds were sent to mixers or exchange deposit addresses.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.147

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/80c43dd5-5158-4219-a91b-8b809fe455fe
- PhishDestroy: https://phishdestroy.io/domain/thepandaworld.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/thepandaworld.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/thepandaworld.pages.dev/

Last updated: 2026-03-29