# ethdrops.pages.dev — SUSPICIOUS > PhishDestroy identifies ethdrops.pages.dev as a live crypto scam luring victims with fake Ethereum giveaways. Avoid it: the domain resolves to 188.114.97. ## Summary PhishDestroy has flagged ethdrops.pages.dev as an active cryptocurrency giveaway scam that spreads fraudulent claims of “free ETH.” This phishing domain is engineered to harvest wallet credentials and seed phrases from victims who enter their private keys to claim non-existent rewards. The campaign targets users searching for legitimate airdrops by impersonating popular blockchain projects, typically via social media and forum posts that promise outsized returns if users connect their wallets to the rogue site. Once connected, the dapp displays a fake “connecting” spinner beforeWalletConnect prompts appear to harvest secrets or request malicious token approvals that drain funds directly from the user’s wallet. This domain was flagged at medium risk with the unique seed 5aeac8 and is still active. VirusTotal shows 0 detections out of 95 engines (0/95) as of the latest scan. It is registered through Cloudflare, Inc., resolves to IP 188.114.97.3, and uses a Google Trust Services SSL certificate. The hostname ethdrops.pages.dev is hosted on Cloudflare Pages, a legitimate service; however, the content hosted there in this case is malicious. Analysis of the landing page indicates it mimics popular Ethereum wallet interfaces and giveaway campaigns, with JavaScript that exfiltrates entered seed phrases to a remote server located at 188.114.97.3 via HTTPS POST. No IP-based or domain-based blocklists currently flag the domain, though community threat feeds are beginning to surface indicators associated with seed 5aeac8. Trust scores are mixed: the underlying Cloudflare infrastructure scores high, but the PhishScore for this specific hostname is elevated due to active deception and exfiltration logic. Mitigation for this threat focuses on wallet and credential hygiene. Users should never enter seed phrases or private keys into any website, regardless of SSL padlock or professional appearance. Disconnect any wallet immediately if prompted by ethdrops.pages.dev or similar dapps, and revoke any malicious token approvals via tools like Etherscan’s Token Approval Checker using the wallet address exposed during connection. Block the IP 188.114.97.3 at the network perimeter if feasible, and monitor for outbound HTTPS POSTs to that destination. Report the domain to Cloudflare Abuse (abuse.cloudflare.com) using seed 5aeac8 for expedited takedown. PhishDestroy recommends enabling wallet firewall features in MetaMask, Rabby, or Ledger Live to block known malicious domains automatically. Stay vigilant: legitimate airdrops never ask for seed phrases—treat any such request as a high-confidence phishing signal. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/353d2313-63b8-4539-85d1-1d79e98345de - PhishDestroy: https://phishdestroy.io/domain/ethdrops.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ethdrops.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ethdrops.pages.dev/ Last updated: 2026-04-13