# en-web3-xo-dus.pages.dev — SUSPICIOUS

> en-web3-xo-dus.pages.dev is a live crypto drainer impersonating Web3 services with 0/95 VirusTotal detections. Act now to block this domain.

## Summary

A newly identified domain, en-web3-xo-dus.pages.dev, has been flagged for hosting a crypto drainer kit designed to illicitly siphon cryptocurrency from unwitting victims. This threat operates under the guise of legitimate Web3 services, likely leveraging brand impersonation to deceive users into connecting their wallets or entering sensitive credentials. While the exact drainer framework remains unconfirmed, the domain’s structure and hosting environment suggest a tailored setup for crypto-theft operations. Initial telemetry indicates this campaign is still in its early stages of deployment, with active infrastructure observed in the wild.

This domain resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate to enhance its appearance of legitimacy. As of the latest scan, VirusTotal flagged the domain with 0 detections out of 95 engines, placing it in a blind spot for traditional detection mechanisms. The domain was registered under Cloudflare’s Pages service, which may be leveraged to rapidly deploy and decommission malicious pages. Given the absence of detections and the lack of historical blocklist entries, this threat poses a significant risk to users engaging with Web3 platforms. Google Safe Browsing (GSB) has not yet blacklisted the domain, further underscoring the urgency for proactive mitigation.

As of today, this threat remains active and is currently under investigation by security teams. Immediate actions should include blacklisting the domain and IP at the network perimeter, as well as flagging the SSL certificate for inspection. Users are advised to avoid interacting with en-web3-xo-dus.pages.dev and to verify the authenticity of any Web3-related links before providing wallet access or sensitive data. While the risk is classified as under investigation, the combination of zero detections, active hosting, and crypto-drainage functionality suggests a high likelihood of escalation if left unchecked. Security teams are urged to prioritize containment and disseminate this advisory to relevant stakeholders to prevent potential financial losses.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d651c29f-812b-4372-a1c2-438aa154d449
- PhishDestroy: https://phishdestroy.io/domain/en-web3-xo-dus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-web3-xo-dus.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-web3-xo-dus.pages.dev/

Last updated: 2026-03-23