# compoundlabs.pages.dev — SUSPICIOUS > compoundlabs.pages.dev is a cryptocurrency drainer kit impersonating Compound Finance. VT score 0/95, resolve IP 188.114.97.3. Avoid and report. ## Summary PhishDestroy identifies compoundlabs.pages.dev as an active cryptocurrency drainer kit designed to impersonate Compound Finance, a decentralized finance protocol. This domain leverages Cloudflare Pages to host malicious content that specifically targets cryptocurrency users by tricking them into connecting their wallets to drain assets. The threat type is classified as generic_phishing, indicating a broad but deliberate attempt to deceive users into authorizing fraudulent transactions. While the exact drainer kit remains unverified in public sandboxes, the domain's infrastructure suggests a high-fidelity replica of Compound Finance’s interface, likely incorporating MetaMask or WalletConnect integration prompts to exfiltrate private keys or approve malicious token approvals. This domain resolves to IP address 188.114.97.3, a Cloudflare-hosted endpoint with no detections on VirusTotal (0/95 engines). The domain is registered through Cloudflare, Inc., obscuring the true registrant behind Cloudflare’s privacy protections. The SSL certificate, issued by Google Trust Services, adds a veneer of legitimacy, potentially bypassing browser warnings. While Cloudflare’s infrastructure is often abused in phishing campaigns due to its reliability and free tier, this domain’s lack of historical blocklisting suggests it may be recently deployed. The absence of VirusTotal detections indicates either a novel campaign or evasion tactics, such as short-lived domains or obfuscated JavaScript payloads. As of the latest assessment, compoundlabs.pages.dev remains in an active status with a risk level marked as under_investigation, implying that further analysis is required to confirm the full scope of its operations. Security researchers are encouraged to monitor its IP (188.114.97.3) and associated domains for patterns, such as rapid domain rotation or shared infrastructure with known drainer kits. Users should avoid interacting with this domain, verify URLs via official Compound Finance channels, and report any suspicious activity to their wallet providers or incident response teams. The remaining risk is classified as moderate due to the domain’s lack of detections but high potential for financial harm if left unchecked. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/926a7800-3000-4b72-84b2-e641ea813ed9 - PhishDestroy: https://phishdestroy.io/domain/compoundlabs.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/compoundlabs.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/compoundlabs.pages.dev/ Last updated: 2026-03-28