# lopecoin-presale.pages.dev — SUSPICIOUS > lopecoin-presale.pages.dev is a confirmed crypto drainer posing as a presale scam. VirusTotal flags it at 2/95. Avoid this site immediately. ## Summary PhishDestroy identifies lopecoin-presale.pages.dev as an active crypto drainer scam designed to trick users into connecting wallets under the guise of a presale. The domain leverages Cloudflare Pages hosting and a Google Trust Services SSL certificate to appear legitimate while surreptitiously draining cryptocurrency assets from victims’ connected wallets. This threat actor abuses the Pages.dev subdomain space—a tactic increasingly favored for low-cost, high-impact scams due to Cloudflare’s free tier and trusted reputation—making detection harder for end users. The campaign specifically targets cryptocurrency enthusiasts searching for early-stage investment opportunities, using deceptive naming (e.g., “lopecoin”) to imply affiliation with a reputable project while concealing malicious intent behind a polished, fraudulent interface. This domain was flagged by 2 of 95 VirusTotal security vendors and appears on 2 public blocklists. It was registered through Cloudflare, Inc., the hosting provider, and resolves to IP 172.66.47.98 within Cloudflare’s infrastructure. The use of a Google Trust Services SSL certificate further enhances trust perception despite serving malicious content. Such infrastructure choices align with common tactics used by crypto drainer operators to blend in with legitimate web services while avoiding direct responsibility. The domain’s short lifespan, combined with its malicious payload and rapid deployment via Pages.dev, underscores the need for real-time threat intelligence and proactive user education in identifying crypto-related frauds. Users who visited lopecoin-presale.pages.dev should immediately disconnect their wallets from any open tabs or browser sessions and revoke any unauthorized smart contract approvals using tools like Etherscan’s Token Approval Checker. Scan wallets for suspicious transactions and consider transferring remaining assets to a cold wallet. Report the domain to your browser’s phishing protection system and to relevant authorities such as the FBI Internet Crime Complaint Center (IC3) or local cybercrime units. Always verify presale websites by checking official project channels and never connect wallets to sites discovered through ads or unsolicited links. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.98 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["Enkrypt", "ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/819058d0-3254-44b7-98ca-5681bf69e9fd - PhishDestroy: https://phishdestroy.io/domain/lopecoin-presale.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/lopecoin-presale.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lopecoin-presale.pages.dev/ Last updated: 2026-03-27