# connectmoadal.pages.dev — SUSPICIOUS > connectmoadal.pages.dev is a live crypto drainer phishing site, only 0 of 95 VirusTotal vendors currently detect it. Act immediately to block access. Remove ## Summary PhishDestroy identifies the active domain connectmoadal.pages.dev as a cryptocurrency drainer phishing page currently serving live attacks. This page masquerades as a legitimate modal connection service and is designed to exfiltrate wallet credentials and authorize malicious transactions upon user interaction. The campaign is in active distribution with a unique seed identifier 1c15fa, indicating ongoing malicious hosting rather than a dormant or parked domain. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has evaded detection by current antivirus engines and sandbox systems. It was registered through Cloudflare, Inc., resolving to IP address 172.66.45.16, and operates under a Google Trust Services SSL certificate valid for secure-looking connections. The domain resolves via Cloudflare’s edge network, leveraging reputable infrastructure to bypass traditional network-level blocking. No public blocklist records or historical detection rates are available due to its recent activation status. The registration and certificate data suggest a recent deployment intended to capitalize on trust assumptions tied to Cloudflare and Google domains. As of today, the campaign is in active status and poses a high risk to cryptocurrency users who may interact with wallet connection prompts delivered via social engineering (e.g., fake Discord bots, Twitter DMs, or phishing emails). Immediate action is required: block the domain at the network perimeter, update DNS blocklists, and notify users to avoid clicking unverified modal connection links. Additionally, revoke any recently authorized wallet connections associated with this domain via wallet interfaces. Monitor wallets for unauthorized outgoing transactions and consider rotating keys if compromise is suspected. Exercise heightened vigilance for similar Cloudflare Pages-based domains using HTTPS and legitimate-looking certificates to deliver crypto drainer payloads. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.16 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ca11b0a3-e911-48b8-bc11-1c42d2a305f3 - PhishDestroy: https://phishdestroy.io/domain/connectmoadal.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/connectmoadal.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connectmoadal.pages.dev/ Last updated: 2026-03-22