# netfixernode.pages.dev — SUSPICIOUS > PhishDestroy warns: netfixernode.pages.dev is a LIVE crypto drainer mimicking Netflix. Verify via PhishDestroy before clicking. VT 0/95, SSL active. ## Summary PhishDestroy identifies netfixernode.pages.dev as an active crypto drainer posing as a Netflix-related service (unique seed d74991). This fraudulent domain employs a 'pig-butchering' scheme, luring victims into fake investment platforms to drain crypto wallets. The threat level is currently marked as 'under_investigation' but remains active, with no detections on VirusTotal despite clear malicious intent. This domain was flagged by PhishDestroy’s automated pipeline using Cloudflare’s infrastructure. It resolves to IP 188.114.96.3, registered through Cloudflare, Inc. The Google Trust Services SSL certificate suggests an attempt to appear legitimate, though the domain’s recent creation (post-2023) and zero VirusTotal detections (0/95 engines) indicate it evades initial screening. No known blocklists currently flag this domain, and its low detection rate may embolden attackers to scale operations. Mitigation requires immediate user vigilance: avoid clicking links from unsolicited emails or ads claiming 'Netflix' offers. Verify domains via PhishDestroy’s API or browser extension before interaction. Block IP 188.114.96.3 at the network level, and report the domain to PhishDestroy for takedown. If exposed, revoke wallet permissions immediately and scan devices for malware. This domain’s low VT score is a red flag—treat all Netflix-related domains with suspicion until independently verified. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/03cd6ceb-5c87-4550-8194-74350a0f1b89 - PhishDestroy: https://phishdestroy.io/domain/netfixernode.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/netfixernode.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/netfixernode.pages.dev/ Last updated: 2026-03-25