# lichen-network-dex.pages.dev — SUSPICIOUS > lichen-network-dex.pages.dev is a live crypto drainer scam hosted on Cloudflare Pages with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies lichen-network-dex.pages.dev as an active crypto drainer scam impersonating a decentralized exchange (DEX) interface. The domain leverages a spoofed Cloudflare Pages subdomain to host a fraudulent web3 wallet connection interface designed to siphon cryptocurrency assets under the guise of token swapping functionality. The landing page mimics legitimate DEX platforms, promoting token exchange services to lure victims into connecting their wallets and authorizing malicious smart contract interactions that drain funds without consent. lichen-network-dex.pages.dev exhibits several high-risk technical indicators: it shows 0 detections out of 95 on VirusTotal as of the latest scan, indicating zero detection by major antivirus engines. The domain is registered through Cloudflare, Inc., resolving to IP address 172.66.47.141 via a Let's Encrypt SSL certificate. The subdomain lichen-network-dex.pages.dev is part of Cloudflare's Pages platform, a legitimate service often abused by threat actors to host phishing and malware distribution sites. While the exact creation date is not publicly available through standard WHOIS tools due to Cloudflare's privacy protection, the domain remains unlisted on Google Safe Browsing (GSB) and has not been flagged by major threat intelligence blocklists as of current data. This low detection profile suggests a recently deployed campaign leveraging trusted infrastructure to evade early-stage detection mechanisms. This domain is currently active and poses an elevated risk to cryptocurrency users, particularly those interacting with decentralized finance (DeFi) platforms. The use of Cloudflare Pages provides both anonymity and performance benefits to attackers, allowing the site to operate with high availability while masking the true origin. Immediate remediation includes blocking the domain and IP at network and endpoint levels, updating threat intelligence feeds, and educating users to verify domain legitimacy before connecting wallets. Despite zero current detections, the lack of proactive blocking and the domain's active status increases the likelihood of successful victim engagement. Continuous monitoring is required as this campaign may rapidly evolve or expand to additional domains. Users are strongly advised to cross-check URLs using official project channels and to use hardware wallets or transaction simulation tools when interacting with DeFi interfaces. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.141 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b9b3e52e-c0e5-45a6-bf0e-d5537bb6c93b - PhishDestroy: https://phishdestroy.io/domain/lichen-network-dex.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/lichen-network-dex.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lichen-network-dex.pages.dev/ Last updated: 2026-03-28