# due-bxa.pages.dev — SUSPICIOUS

> Due-BXA.pages.dev is a live crypto drainer impersonating Due. No VirusTotal vendors (0/95) have detected it yet. Avoid immediately.

## Summary

PhishDestroy identifies the active crypto-draining impersonation domain due-bxa.pages.dev. This domain is a crypto-drainer site currently under investigation that mimics the legitimate Due invoice platform. The fraudulent site is served over HTTPS with a Google Trust Services certificate, resolving to IP 188.114.96.3 via Cloudflare Pages hosting. VirusTotal currently shows 0 vendors detecting the payload (0/95), while the domain is already listed on three external blocklists. Trust scores remain low due to its short age and association with known crypto-scamming infrastructure.

Registered through Cloudflare, Inc., the domain went live on an unconfirmed date and remains accessible at 188.114.96.3. SEAL, MetaMask, and ScamSniffer have independently blocked interactions with this endpoint, confirming malicious intent. The combination of zero detections, low trust signals, and multi-vendor blocking indicates high-risk behavior aimed at unauthorized cryptocurrency extraction.

Organizations and individuals should immediately block due-bxa.pages.dev at DNS and firewall levels. Exercise heightened scrutiny toward any Due-branded invoice or payment portal, verifying sender domains via official channels. Report indicators to PhishDestroy and local CERT teams to expedite global takedown efforts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: SEAL, MetaMask, ScamSniffer

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/due-bxa.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/due-bxa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/due-bxa.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/due-bxa.pages.dev/

Last updated: 2026-04-04