# updated-rabby-wallet.pages.dev — MALICIOUS

> Learn why updated-rabby-wallet.pages.dev is flagged as a high-risk crypto drainer. Stay safe from phishing attempts targeting crypto wallets.

## Summary
The domain updated-rabby-wallet.pages.dev was identified as a high-risk crypto drainer designed to steal cryptocurrency assets. This type of threat deceives users into revealing private keys or seed phrases, allowing attackers to empty victims' wallets without consent. Visiting such domains puts cryptocurrency funds at serious risk.

This phishing campaign masquerades as a legitimate wallet service, tricking users into entering sensitive wallet credentials. The attackers exploit fear and urgency to prompt users to connect or update their wallets, facilitating unauthorized access. The site was flagged by multiple security vendors and listed on several security blocklists due to its social engineering tactics.

If a user has visited updated-rabby-wallet.pages.dev, they should immediately cease any wallet activity linked to their credentials. It’s crucial to transfer remaining funds to a new, secure wallet and revoke any suspicious authorizations. Users should also run comprehensive malware scans and monitor accounts closely for unauthorized transactions to mitigate potential losses.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Rabby
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.236
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["beau.ns.cloudflare.com", "mimi.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Ermes", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b44d9-0ef6-7308-81a9-191a02efb48d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e842d8a5-96aa-490c-990c-072c12627465
- PhishDestroy: https://phishdestroy.io/domain/updated-rabby-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/updated-rabby-wallet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/updated-rabby-wallet.pages.dev/
Last updated: 2026-03-19