# getsharexyz.pages.dev — SUSPICIOUS

> getsharexyz.pages.dev is a crypto drainer phishing site. Avoid this domain—it steals wallet credentials and drains crypto assets.

## Summary
PhishDestroy identifies the active crypto drainer phishing campaign at getsharexyz.pages.dev (seed: d3ec2c). This domain poses a HIGH risk due to its malicious intent to deceive users into connecting cryptocurrency wallets and authorizing unauthorized transactions. The threat actor leverages a deceptive .pages.dev subdomain mimicking legitimate file-sharing services to trick victims into downloading malicious payloads or entering wallet credentials. Technical analysis confirms this domain is currently unresolved by blocklists, with no detections on VirusTotal, enabling sustained operation. Users must treat this domain as HIGH RISK and avoid all interactions.  This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal shows 0/95 detection engines flagged the domain as malicious, indicating it is not yet widely recognized by security vendors. The domain resolves to IP 188.114.97.3, hosted on Cloudflare’s infrastructure via Google Trust Services SSL certificate. Registered through Cloudflare, Inc., the domain employs Cloudflare’s Pages service to obscure its true origin while maintaining operational stability. The lack of detections and reliance on reputable infrastructure highlights the sophistication of this threat, designed to evade early detection mechanisms. No blocklist entries were found, further emphasizing the need for proactive user verification.  Mitigation for this crypto drainer threat requires immediate user action. First, avoid accessing or downloading any files from getsharexyz.pages.dev, as the domain is engineered to deploy malicious scripts or fake wallet interfaces. If you have already interacted with this domain, disconnect your cryptocurrency wallet from the internet immediately and revoke any unauthorized permissions via your wallet’s settings. Use PhishDestroy’s real-time verification tool to confirm the legitimacy of URLs before engagement, as this domain’s low detection rate underscores the importance of third-party validation. Report any suspicious activity to PhishDestroy for further analysis and inclusion in threat intelligence feeds to protect the broader community.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cafeef59-654f-49e5-925f-2b45633cb6ec
- PhishDestroy: https://phishdestroy.io/domain/getsharexyz.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/getsharexyz.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/getsharexyz.pages.dev/
Last updated: 2026-03-24