# ethgenesis-9ib.pages.dev — SUSPICIOUS

> ethgenesis-9ib.pages.dev identified as a crypto drainer scam with 0/95 VirusTotal detections. Block before exposure spreads. Avoid interaction.

## Summary

PhishDestroy identifies ethgenesis-9ib.pages.dev as an active crypto drainer disguised as an Ethereum genesis event portal. The domain leverages Cloudflare Pages to host malicious JavaScript designed to siphon cryptocurrency from unwitting victims by replacing wallet addresses during transaction approvals. Analysis reveals the infrastructure resolves to 172.66.47.24 and utilizes a Google Trust Services SSL certificate to appear legitimate, while the landing page mimics Ethereum Foundation branding to lure users during high-profile blockchain events. The threat actor registered the domain through Cloudflare’s Pages service to bypass traditional hosting scrutiny and rapidly deploy the campaign.

This domain was flagged with critical indicators including zero detections on VirusTotal across 95 security engines, indicating minimal coverage from automated detection systems. The domain exhibits a high-risk profile given its recent deployment timeline and lack of historical reputation data. Cloudflare’s infrastructure obscures the true origin while Google Trust Services certificates lend superficial credibility. Despite the absence of blocklist hits at the time of analysis, such domains typically propagate across threat feeds within 24-48 hours as additional artifacts emerge.

Users who accessed ethgenesis-9ib.pages.dev should immediately revoke any cryptocurrency wallet connections via their wallet’s connection management interface. Thoroughly check transaction histories for unauthorized transfers and consider transferring remaining assets to a newly generated wallet with updated security practices. Ensure all browser extensions are reviewed for suspicious permissions and clear cached data from the site. Report any compromised addresses to relevant blockchain explorers and consider filing an incident report with local cybercrime units. Monitor wallet addresses on blockchain explorers like Etherscan for associated malicious activity patterns.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.24

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ethgenesis-9ib.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ethgenesis-9ib.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ethgenesis-9ib.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ethgenesis-9ib.pages.dev/

Last updated: 2026-04-03