# defidappauthprotocol.pages.dev — SUSPICIOUS

> defidappauthprotocol.pages.dev is a live crypto drainer impersonating an auth protocol. Blocked by ScamSniffer; 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies defidappauthprotocol.pages.dev as an active crypto-draining domain seeding seed 26e6e7. Its operators harvest private keys and seed phrases, redirecting stolen funds to controlled wallets within seconds of wallet connection. This is a high-risk wallet-draining operation rather than simple phishing, and users who interact are likely to lose assets permanently.  

This domain was flagged on one public blocklist and blocked by ScamSniffer. It resolves to IP 188.114.96.3 via Cloudflare and holds a Google Trust Services SSL certificate. VirusTotal currently reports 0/95 detections, indicating low antivirus coverage despite active abuse. The Cloudflare Pages deployment points to a recent infrastructure build, but no creation date is exposed in the available records. Registrant details remain obscured behind Cloudflare’s privacy service, aligning with the operational patterns of crypto-draining campaigns that prioritize anonymity and fast takedown evasion.  

Immediate mitigation is required: do not connect wallets or enter seed phrases on defidappauthprotocol.pages.dev. Verify any auth protocol URL through official project channels only. Revoke any inadvertent wallet connections via blockchain explorers or reputable revoke tools such as Revoke.cash. Enable hardware wallet signing for high-value assets and use burner addresses for testing. Report the domain to relevant blocklists and browser security programs to accelerate takedown. Monitor wallet activity closely; if drained, file police reports and blockchain incident reports promptly for potential fund recovery assistance.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/748f8f22-55eb-4946-9ef1-787ae36498c1
- PhishDestroy: https://phishdestroy.io/domain/defidappauthprotocol.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/defidappauthprotocol.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/defidappauthprotocol.pages.dev/
Last updated: 2026-04-13