# ethermail.pages.dev — SUSPICIOUS > Beware! ethermail.pages.dev is a crypto drainer mimicking legitimate crypto services. Verify URLs on PhishDestroy before clicking—188.114.96. ## Summary PhishDestroy identifies ethermail.pages.dev as an active crypto drainer domain impersonating legitimate crypto service providers. This domain leverages deceptive branding to trick users into connecting wallets or revealing private keys, enabling unauthorized crypto asset theft. The threat is classified as a crypto drainer due to its documented JavaScript-based drainer kit embedded in the site, designed to siphon funds from connected cryptocurrency wallets. This domain exhibits multiple red flags: it shows 0/95 detections on VirusTotal as of the latest scan, remains unblocked by major browsers, and is registered through Cloudflare, Inc. It resolves to IP address 188.114.96.3 and utilizes a Google Trust Services SSL certificate to appear legitimate. Creation metadata indicates this domain is part of a recent campaign, appearing on at least two public blocklists and actively evading detection through Cloudflare’s infrastructure. The domain is currently active and under active investigation by PhishDestroy. Users are urged to avoid interacting with ethermail.pages.dev and to verify all crypto-related links via PhishDestroy’s real-time checker. While intelligence sources like Enkrypt and ScamSniffer have already blocked this domain, the lack of broader detection (0/95) demands heightened caution. Remaining risk remains HIGH until more security vendors flag this infrastructure and Cloudflare takes action to suspend the domain. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["Enkrypt", "ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8b1ba82f-9428-4471-bdab-1e1a2d14c498 - PhishDestroy: https://phishdestroy.io/domain/ethermail.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ethermail.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ethermail.pages.dev/ Last updated: 2026-03-24