# dextract-web.pages.dev — SUSPICIOUS

> The dextract-web.pages.dev domain is flagged as a crypto drainer with just 1 out of 95 VirusTotal scanners detecting it.

## Summary
PhishDestroy identifies the domain dextract-web.pages.dev as an active crypto drainer phishing site. This platform was flagged through automated threat detection systems and exhibits behavior consistent with cryptocurrency fund exfiltration through deceptive web interfaces. While the exact drainer kit remains unverified, the domain’s configuration suggests a high likelihood of mimicking legitimate cryptocurrency platforms to trick users into connecting their wallets and authorizing malicious transactions. The site’s structure and operational patterns align with known crypto-draining campaigns that leverage cloud hosting to evade traditional detection mechanisms. Seed: 6952cc

This domain, registered through Cloudflare, Inc., resolves to the IP address 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services. As of current intelligence, the domain has a VirusTotal detection score of 1 out of 95 security vendors, indicating extremely low detection rates despite its malicious intent. The domain is part of the Pages.dev subdomain service under Cloudflare, which is frequently exploited for short-lived phishing campaigns due to its legitimate appearance and ease of deployment. There are no immediate indications that this domain has been listed on major blocklists such as Google Safe Browsing (GSB), though such status may change rapidly in response to emerging threats. Seed: 6952cc

As of the latest assessment, the domain dextract-web.pages.dev remains active and poses an elevated risk to potential victims, particularly those involved in cryptocurrency transactions or investments. Immediate action includes blocking access at the network level and updating threat intelligence feeds to include this domain and its associated IP address. Users are strongly advised to avoid interacting with this site, verify the legitimacy of any cryptocurrency-related platforms through official channels, and report suspicious activity to relevant cybersecurity authorities or their financial institutions. While blocking and reporting efforts can mitigate immediate risks, the transient nature of this domain suggests that similar threats may emerge under new aliases, necessitating continued vigilance and proactive threat hunting. Seed: 6952cc

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a0d1d2ec-9158-4c14-8398-7c4bfc5d4040
- PhishDestroy: https://phishdestroy.io/domain/dextract-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dextract-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dextract-web.pages.dev/
Last updated: 2026-03-27