# dfsdfs-6vx.pages.dev — SUSPICIOUS > PhishDestroy identifies dfsdfs-6vx.pages.dev as an active crypto wallet drainer targeting unsuspecting users. ## Summary PhishDestroy analysts have identified the active crypto wallet drainer domain dfsdfs-6vx.pages.dev as part of a sophisticated phishing campaign targeting cryptocurrency wallet holders. This domain is designed to impersonate legitimate crypto services to trick users into connecting their wallets and approve malicious transactions that drain funds. The threat actor employs a drainer kit specifically engineered to extract private keys, seed phrases, and authorize fraudulent blockchain transactions without user awareness. Security researchers have observed this domain being distributed through fraudulent social media posts and deceptive NFT minting websites that redirect victims to the malicious page. This domain was registered through Cloudflare’s registrar infrastructure and resolves to IP address 188.114.96.3. VirusTotal analysis shows the domain is currently detected by only 2 out of 95 participating security vendors, indicating low initial detection coverage. The domain utilizes a Google Trust Services SSL certificate, enhancing its credibility to appear legitimate to potential victims. While the exact creation date is not visible in public records, the domain’s presence on active threat feeds confirms recent deployment. Google Safe Browsing (GSB) has not yet flagged this domain, and blocklist aggregators report no prior listings, suggesting this campaign is newly operational and rapidly evolving. As of today, dfsdfs-6vx.pages.dev remains active and poses an elevated risk to cryptocurrency users. Immediate defensive recommendations include blocking the domain at the network level, updating browser security settings to prevent access, and warning users not to interact with unsolicited links claiming to offer crypto rewards or wallet connections. Despite low initial detection rates, proactive monitoring and rapid takedown efforts are critical to mitigate potential financial losses. Users should treat all unsolicited wallet connection requests with extreme caution and verify destinations via official channels before taking any action. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0e944d5a-9183-4f23-8b18-6400c4a7eaf9 - PhishDestroy: https://phishdestroy.io/domain/dfsdfs-6vx.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/dfsdfs-6vx.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dfsdfs-6vx.pages.dev/ Last updated: 2026-03-22