# heliustestresolve-8ej.pages.dev — SUSPICIOUS

> PhishDestroy flags heliustestresolve-8ej.pages.dev as a crypto drainer with 2/95 VirusTotal detections. Do not interact; report immediately.

## Summary
PhishDestroy identifies heliustestresolve-8ej.pages.dev as an active crypto drainer domain engineered to siphon cryptocurrency from unwitting users. When accessed, the page loads malicious JavaScript that monitors clipboard contents for wallet addresses and silently swaps them with attacker-controlled addresses, facilitating unauthorized transfers. Security researchers have observed similar domains employed in phishing campaigns targeting users of decentralized finance platforms, where the promise of “airdrops” or “yield opportunities” serves as bait to lure victims into connecting their wallets or pasting transaction details.  This domain was flagged by PhishDestroy with elevated risk and remains active. It resolves to IP address 188.114.97.3 and leverages a Let’s Encrypt SSL certificate to appear legitimate. VirusTotal analysis shows only 2 out of 95 security vendors currently detect this threat, indicating a low initial detection rate that could allow the campaign to evade automated defenses. The domain is registered through Cloudflare, Inc., which provides anonymity and fast global distribution, making it harder to take down quickly.  If you visited heliustestresolve-8ej.pages.dev, disconnect your wallet immediately and revoke any connected permissions via your wallet’s settings. Scan your device using updated antivirus software and check transaction histories for any unauthorized transfers. Report the domain to your security team or through PhishDestroy’s portal to help block further access. Avoid re-engaging with the site and warn others who may have received similar links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a0c0f51e-55ca-4356-bee8-b68f2dca11bf
- PhishDestroy: https://phishdestroy.io/domain/heliustestresolve-8ej.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/heliustestresolve-8ej.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/heliustestresolve-8ej.pages.dev/
Last updated: 2026-03-22