# wormhole-ui.pages.dev — MALICIOUS

> Discover why wormhole-ui.pages.dev is flagged for phishing. Learn about its risks, detection, and current offline status to stay protected.

## Summary
PhishDestroy identifies wormhole-ui.pages.dev as a high-risk generic phishing domain. Classified under social engineering threats, this domain was created on February 21, 2026, and used to deceive users into revealing sensitive information by mimicking legitimate services. The classification stems from its malicious intent to exploit user trust through fraudulent interfaces.

Technical indicators reveal that wormhole-ui.pages.dev was registered via Cloudflare, Inc., a popular registrar that attackers often use for quick domain provisioning. The domain appeared on three prominent security blocklists and was flagged by Google Safe Browsing for social engineering activities. VirusTotal analysis showed that 15 out of 95 security vendors detected phishing-related anomalies linked to this domain, highlighting its malicious infrastructure and widespread detection among cybersecurity platforms.

Currently, wormhole-ui.pages.dev has been taken offline, effectively neutralizing its threat vector. This responsive action limits further phishing attempts and protects potential victims from exposure. Despite its offline status, users are advised to remain cautious of similar domains and to verify web addresses carefully to avoid falling victim to such social engineering schemes. PhishDestroy continues to monitor related threats to enhance public awareness and cybersecurity resilience.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["razvan.ns.cloudflare.com", "veda.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "Ermes", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bdcd9-39ce-77bb-836a-0533abebef27.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/05586e26-24bc-420a-a908-5eef078b36b0
- PhishDestroy: https://phishdestroy.io/domain/wormhole-ui.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wormhole-ui.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wormhole-ui.pages.dev/
Last updated: 2026-03-19