# walletds.pages.dev — SUSPICIOUS > walletds.pages.dev is a crypto drainer on Cloudflare Pages that steals digital assets via fake wallet connections. ## Summary PhishDestroy identifies walletds.pages.dev as a live crypto drainer domain deployed on Cloudflare Pages and hosted at IP 172.66.45.6. This site poses a direct threat to cryptocurrency users by masquerading as a wallet interface to trick victims into signing malicious transactions that drain assets into attacker-controlled accounts. The page loads a drainer kit via the Cloudflare infrastructure, which evades the current Google Safe Browsing (GSB) blocklist and has not yet been flagged by VirusTotal, scoring 0 detections out of 95 engines. This domain was registered through Cloudflare, Inc. and leverages a Google Trust Services SSL certificate to appear legitimate. It resolves to the Cloudflare edge IP 172.66.45.6 and operates under the seed identifier e80488. As of latest telemetry, the domain remains active and is actively distributing the drainer payload to unsuspecting users who land on the page via phishing links or spoofed wallet apps. The lack of detection on VirusTotal (0/95) and absence from public blocklists underscore its stealthy operation, enabling ongoing exploitation without immediate warnings to visitors. The current status of walletds.pages.dev is active and under active distribution via phishing campaigns targeting crypto holders. Immediate recommended actions include blocking the domain at DNS and network levels, scanning wallets for unauthorized transactions, and reporting the domain to Google Safe Browsing and major threat intelligence platforms. While the site is not yet widely flagged, the drainer kit remains operational and capable of stealing assets from any connected wallet. Users are strongly advised to avoid interacting with this domain, verify wallet extensions for tampering, and revoke any suspicious approvals detected. Remaining risk is considered high due to the drainer’s current stealth posture and active deployment on a trusted cloud platform. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.6 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/walletds.pages.dev - PhishDestroy: https://phishdestroy.io/domain/walletds.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/walletds.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/walletds.pages.dev/ Last updated: 2026-04-05