# get-mutatiofiles.pages.dev — SUSPICIOUS > get-mutatiofiles.pages.dev is a crypto drainer phishing page with 0/95 VirusTotal detections. Avoid entering wallet details or connecting your keys. ## Summary PhishDestroy identifies get-mutatiofiles.pages.dev as an active cryptocurrency drainer domain designed to trick visitors into connecting wallets or entering seed phrases, resulting in direct asset theft. This site mimics legitimate file-sharing services to deliver hidden payloads that drain connected crypto wallets without requiring private key entry. By exploiting Cloudflare Pages hosting and Google Trust Services SSL certificates, the threat actor lowers user suspicion while rapidly propagating malicious links across social media and messaging platforms. Early detection remains difficult due to zero antivirus detection on VirusTotal and limited blocklist coverage, making proactive avoidance critical for crypto users. This domain was flagged by ScamSniffer and Enkrypt and now appears on two security blocklists. It was registered through Cloudflare, Inc., uses SSL via Google Trust Services, and resolves to IP 188.114.96.3. VirusTotal analysis shows 0 detections out of 95 engines as of the latest scan, indicating evasion of signature-based detection. Based on current telemetry, the domain exhibits recent creation timing consistent with opportunistic campaigns targeting crypto communities seeking file downloads. If you visited get-mutatiofiles.pages.dev, immediately disconnect your wallet from the site, revoke any unauthorized permissions via your wallet’s connected app dashboard, and transfer remaining funds to a new wallet. Never enter your seed phrase or private keys on any site. Report the domain to your wallet provider and security teams. Use hardened browser extensions like ScamSniffer or Enkrypt to block future access. Stay safe by only downloading files from trusted sources and verifying URLs before any interaction. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["ScamSniffer", "Enkrypt"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c5e36b1b-6612-4120-a909-333ed643f5d5 - PhishDestroy: https://phishdestroy.io/domain/get-mutatiofiles.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/get-mutatiofiles.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/get-mutatiofiles.pages.dev/ Last updated: 2026-03-24