# antiresolve-mysafpalnode.pages.dev — SUSPICIOUS

> antiresolve-mysafpalnode.pages.dev hosts a crypto drainer kit impersonating Safepal wallets. Check the full report to verify indicators and mitigation steps.

## Summary

PhishDestroy identifies antiresolve-mysafpalnode.pages.dev as an active crypto drainer posing as Safepal wallet infrastructure. The domain leverages Cloudflare Pages to host a deceptive interface designed to trick users into connecting their wallets and authorizing malicious transactions. Security telemetry reveals the domain is equipped with a drainer kit targeting cryptocurrency holders through fraudulent transaction signing prompts. While the infrastructure mimics legitimate Safepal wallet services, no direct affiliation with Safepal Wallet exists.

This domain was flagged by PhishDestroy with a VirusTotal detection score of 0 out of 95 engines as of the latest scan. It was registered via Cloudflare, Inc. and resolves to IP 188.114.97.3. The domain operates under a Google Trust Services SSL certificate, suggesting an attempt to mimic legitimate HTTPS infrastructure. A review of threat intelligence platforms shows no prior inclusion in major blocklists at this time. The absence of detections highlights the evasive nature of this campaign, which has likely been active for a short period given its current status.

At present, antiresolve-mysafpalnode.pages.dev remains active and is distributing a crypto drainer targeting unsuspecting users. Response actions include continuous monitoring and sharing of IOCs with trusted intelligence partners and CERT teams. Despite its current low detection rate, the risk level remains classified as under investigation due to the potential for rapid escalation once the campaign gains broader exposure.

Users are strongly advised to avoid this domain entirely and verify wallet URLs through official Safepal channels. Blocking the IP 188.114.97.3 at the network perimeter is recommended to prevent access from internal systems. Remaining risk includes the threat of new drainer variants emerging under similar infrastructure, necessitating ongoing vigilance and proactive threat hunting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/91d9a22a-abdf-4533-ae9b-efe15ad097b4
- PhishDestroy: https://phishdestroy.io/domain/antiresolve-mysafpalnode.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/antiresolve-mysafpalnode.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/antiresolve-mysafpalnode.pages.dev/

Last updated: 2026-03-27