# en-blackhole.pages.dev — MALICIOUS

> Blackhole crypto drainer impersonates brands via en-blackhole.pages.dev—10/95 VirusTotal detections. Stop assets from draining now.

## Summary
PhishDestroy identifies an active cryptocurrency drainer domain en-blackhole.pages.dev that steals wallet credentials and transfers assets to attacker-controlled addresses. Hosted behind Cloudflare, the page resolves to IP 172.66.44.127 and hides behind a Google Trust Services SSL certificate to appear legitimate, masking its malicious intent from casual inspection. Recent telemetry shows 10 out of 95 VirusTotal security vendors have already flagged this domain, indicating early but widespread recognition of its malicious nature.  This domain was registered through Cloudflare, Inc. and is part of an ongoing campaign leveraging the Pages.dev platform to deliver next-generation crypto drainers. With detections accumulating rapidly, the risk profile remains elevated as attackers refine their tactics to bypass traditional defenses. Users who interact with this domain risk immediate financial loss, with wallets drained within minutes of credential submission.  If you visited en-blackhole.pages.dev or entered any sensitive information, disconnect your device from the internet immediately. Revoke any wallet permissions granted to the site using blockchain explorers or wallet interfaces. Scan your system with reputable antivirus tools such as Malwarebytes or Windows Defender to detect residual malware. Report the domain to your security team and block it at the network level using the IP 172.66.44.127 and domain name en-blackhole.pages.dev. Stay vigilant—this campaign continues to evolve with new permutations likely to emerge under the same infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.127

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/en-blackhole.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/en-blackhole.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-blackhole.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-blackhole.pages.dev/
Last updated: 2026-04-10