# amlka-01y.pages.dev — SUSPICIOUS

> amlka-01y.pages.dev active crypto drainer phishing campaign on Cloudflare with 0/95 VirusTotal detections. Investigate now.

## Summary

PhishDestroy identifies amlka-01y.pages.dev as a live crypto drainer phishing domain masquerading as a legitimate crypto service to steal digital assets. The domain leverages Cloudflare Pages hosting to deliver a malicious JavaScript payload that monitors clipboard activity and replaces crypto wallet addresses with attacker-controlled addresses, enabling direct fund diversion. Security telemetry confirms the domain is currently resolving to 188.114.97.3 via Let’s Encrypt SSL, indicating active operation and encrypted exfiltration of stolen data.

This domain was flagged with 0 detections out of 95 on VirusTotal at time of analysis, indicating low signature detection despite active abuse. It was registered through Cloudflare, Inc., and operates under Cloudflare Pages, a legitimate service abused for rapid deployment. The infrastructure maps to IP 188.114.97.3, a Cloudflare IP range associated with malicious campaigns. Given the absence of AV detections and the use of a trusted CDN, this threat evades traditional perimeter defenses and relies on user trust in recognizable domains.

Users who visited amlka-01y.pages.dev should immediately check their clipboard history and any recent crypto transactions for unauthorized address replacements. Disconnect from the internet, clear browser cache and cookies, and scan devices with updated antivirus software. Report any suspicious transactions to your wallet provider and consider transferring remaining funds to a new, isolated wallet. Monitor blockchain explorers for outgoing transactions to unknown addresses. If funds were sent, file a police report and contact your crypto exchange or wallet support with transaction hashes for potential recovery assistance.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/amlka-01y.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/amlka-01y.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/amlka-01y.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/amlka-01y.pages.dev/

Last updated: 2026-04-04