# wallet-meta-support--cdn.pages.dev — MALICIOUS

> wallet-meta-support--cdn.pages.dev flagged for crypto drainer activity. High-risk domain now offline after multiple security blocklists and Google alerts.

## Summary
PhishDestroy identifies wallet-meta-support--cdn.pages.dev as a high-risk domain linked to a crypto drainer phishing campaign. This domain posed a serious threat to cryptocurrency users by attempting to steal wallet credentials and drain digital assets. The risk level is elevated due to the nature of the threat and active detections from multiple security sources.

Supporting evidence for this classification includes the domain’s creation date of February 21, 2026, indicating a recent establishment likely for malicious use. The domain resolves to IP 172.66.47.166 and appears on three established security blocklists. Google Safe Browsing flags it with a 'SOCIAL_ENGINEERING' warning, and VirusTotal reports 14 out of 95 security vendors detecting malicious activity associated with this domain. Additionally, the domain was registered through Cloudflare, Inc., a common registrar exploited for fast setup of fraudulent sites.

Mitigation efforts have resulted in the domain being taken offline, reducing immediate risk to users. PhishDestroy advises caution with similar subdomain naming conventions and recommends users verify wallet-related links through official channels only. Continuous monitoring and timely takedown actions are critical to preventing harm from crypto drainer campaigns like this one. The domain’s offline status as of now mitigates the active threat, but users should remain vigilant against phishing attempts leveraging such infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.166
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["zod.ns.cloudflare.com", "venus.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aad33-bbfe-757b-acd5-9c2a92007c8d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b9a4f65-7b3b-4b63-be03-2ddf241933e5
- PhishDestroy: https://phishdestroy.io/domain/wallet-meta-support--cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wallet-meta-support--cdn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wallet-meta-support--cdn.pages.dev/
Last updated: 2026-03-19