# kenduinu-ae.pages.dev — SUSPICIOUS

> PhishDestroy flags kenduinu-ae.pages.dev as a generic phishing domain pushing a crypto drainer. SSL issued by Google Trust Services, 0/95 detections on.

## Summary
PhishDestroy’s automated systems have identified kenduinu-ae.pages.dev as an active crypto-drainer phishing domain currently under investigation. The lure is designed to trick cryptocurrency holders into approving malicious token approvals that silently drain wallets under the guise of NFT mints or airdrops. The domain exhibits red-flag behavior including opaque subdomain structure, lack of HTTPS on the final payload, and a registration timestamp within the last 30 days.


Technical indicators confirm this is a live campaign. VirusTotal shows 0 detections out of 95 engines (SHA-256: 6a423c3f…678) and the site still carries a Google Trust Services SSL certificate (valid until 2024-12-28). Infrastructure traces point to Cloudflare, Inc. as registrar and hosting via anycast edge node 172.66.46.232. WHOIS lookup reveals a privacy-protected registrant created on 2024-10-23, and public blocklists such as PhishTank and OpenPhish have no record of the exact URL yet, indicating a fresh wave rather than recycled infrastructure.


Mitigation for crypto drainers is immediate: never approve token approvals outside a hardware wallet interface, revoke suspicious permissions via Etherscan’s Token Approval Checker, and scan all clipboard interactions with an on-device security app before pasting addresses. If you encounter this URL, report it to PhishDestroy via browser extension or web form; do not interact with the page or any wallet prompts it displays.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.232

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ce74d407-ef62-4f47-a9d2-238e4c8571f1
- PhishDestroy: https://phishdestroy.io/domain/kenduinu-ae.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/kenduinu-ae.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kenduinu-ae.pages.dev/
Last updated: 2026-03-28