# beraa.pages.dev — SUSPICIOUS > Active crypto drainer impersonating Beraa app on beraa.pages.dev. VirusTotal shows 0/95 detections. Avoid interactions immediately. ## Summary PhishDestroy identifies an active crypto drainer campaign targeting users via the domain beraa.pages.dev, impersonating the legitimate Beraa cryptocurrency application. The threat level is currently classified as 'under_investigation,' but the domain is actively resolving to malicious infrastructure. The specific threat type is a crypto drainer, designed to deceive users into connecting their cryptocurrency wallets and authorizing unauthorized transactions, leading to immediate financial loss. The domain is designed to mimic the Beraa app, a known cryptocurrency platform, leveraging its branding to establish credibility and trick users into engaging with the malicious content. This campaign poses a critical risk to cryptocurrency users, particularly those familiar with or actively using the Beraa platform. This domain was flagged due to its SSL certificate issued by Google Trust Services, which adds a false sense of legitimacy, while resolving to IP address 188.114.97.3. The domain is registered through Cloudflare, Inc., which provides anonymity and obscures the true registrant. As of the latest scan, VirusTotal shows 0 out of 95 security vendors detecting the domain as malicious, indicating that this threat is still in its early stages and has not yet been widely recognized by automated defense systems. The domain is hosted on Cloudflare Pages, a legitimate service often abused by threat actors to quickly deploy phishing and malware distribution sites. There are currently no known entries for this domain on major blocklists, reinforcing the need for proactive monitoring and user vigilance. Trust scores for the domain and IP remain unverified due to the lack of historical data and detections. To mitigate the risk posed by this crypto drainer, users must avoid interacting with beraa.pages.dev or any related links, even if they appear legitimate. If you have already connected your wallet to this domain, revoke all active permissions immediately using your wallet’s official tools (e.g., MetaMask’s 'Connected Sites' or Phantom’s 'Connected Apps'). Never approve unsolicited wallet connection requests, especially from pop-ups or redirected links. Report this domain to your wallet provider and any relevant cryptocurrency platforms to help block future attempts. Additionally, enable multi-factor authentication (MFA) and use hardware wallets for added security. Share this alert with your network to prevent further victimization, as crypto drainers thrive on widespread unawareness. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c09752e1-2a48-40e9-bc9b-f8c9c6977a93 - PhishDestroy: https://phishdestroy.io/domain/beraa.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/beraa.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/beraa.pages.dev/ Last updated: 2026-03-27