# medcall-5a6.pages.dev — SUSPICIOUS

> PhishDestroy identifies medcall-5a6.pages.dev as an active crypto drainer impersonating medical services. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy has flagged medcall-5a6.pages.dev as an active crypto drainer impersonating legitimate healthcare services. This domain leverages Cloudflare Pages to host a convincing fake login portal designed to trick users into connecting cryptocurrency wallets. Once connected, the drainer silently siphons funds from the victim's wallet, often without immediate detection. Users who interact with this page risk irreversible financial loss, as crypto transactions are irreversible.  This domain was flagged by PhishDestroy’s automated systems and shows concerning technical indicators. It resolves to IP 172.66.44.129 and is hosted on Cloudflare Pages. VirusTotal currently shows 0 out of 95 security engines detecting the threat, indicating it remains under the radar. The domain uses a valid Let’s Encrypt SSL certificate to appear legitimate. While creation date and blocklist counts are not specified in this intelligence, the lack of detection highlights the stealthy nature of this campaign.  If you visited medcall-5a6.pages.dev or entered any information, disconnect your wallet immediately and revoke any unauthorized permissions via your wallet’s security settings. Do not interact further with the domain. Report the incident to PhishDestroy for further analysis and consider transferring remaining funds to a new wallet. Always verify URLs and use official channels before entering sensitive information. Stay vigilant against crypto drainers targeting unsuspecting users.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.129

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eabb41b3-f02e-4dd1-ba69-1b732c7f606e
- PhishDestroy: https://phishdestroy.io/domain/medcall-5a6.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/medcall-5a6.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/medcall-5a6.pages.dev/
Last updated: 2026-03-29