# alpha-sale.pages.dev — SUSPICIOUS > alpha-sale.pages.dev is a crypto drainer phishing site with 0/95 VirusTotal detections. Verify domains before crypto transactions. Act now. ## Summary PhishDestroy identifies alpha-sale.pages.dev as a crypto drainer phishing domain currently under active investigation. This domain employs deceptive tactics to trick users into connecting cryptocurrency wallets, enabling unauthorized fund transfers. The page targets unsuspecting victims by mimicking legitimate sale or promotional platforms, posing a direct financial risk to users who engage with it. Technical analysis confirms the domain is configured to facilitate crypto drainer operations, making it a high-priority threat for wallet users and exchanges. This domain was flagged with 0 detections out of 95 VirusTotal scanners as of the latest update, indicating it remains undetected by most security vendors. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.97.3 and utilizes a Let's Encrypt SSL certificate. The infrastructure leverages Cloudflare’s Pages.dev service, which has been increasingly exploited for phishing campaigns due to its legitimate appearance and rapid deployment capabilities. With no confirmed blocklist entries or trust score reductions at this time, the domain maintains a temporary status of 'under_investigation,' but this may change as additional intelligence is gathered. The use of Let's Encrypt certificates further complicates detection, as these are often associated with legitimate deployments but can also mask malicious activity. To mitigate the risk posed by alpha-sale.pages.dev, users must avoid interacting with the domain entirely, especially any prompts to connect cryptocurrency wallets. Crypto drainer phishing sites often leverage urgency (e.g., 'limited-time sale') to pressure users into hasty decisions. Verify the authenticity of any crypto-related domain by cross-checking official channels, such as the project’s verified website or social media accounts. Wallet users should enable transaction approvals, use hardware wallets for critical operations, and monitor connected dApps regularly. Security teams and researchers are advised to update threat intelligence feeds to include this domain once confirmed malicious, and to share indicators of compromise (e.g., wallet drainer addresses) to aid in detection. Cloudflare should be notified to review the domain for potential takedown under their acceptable use policies. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/09523b04-8ae8-4181-909d-66be0825fe1c - PhishDestroy: https://phishdestroy.io/domain/alpha-sale.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/alpha-sale.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/alpha-sale.pages.dev/ Last updated: 2026-03-28