# netnode.pages.dev — SUSPICIOUS

> netnode.pages.dev linked to a fake Web3 wallet phishing scam. 1/95 vendors detected it. Check the full report for safety advice.

## Summary
PhishDestroy identifies netnode.pages.dev as an active fake Web3 wallet phishing site posing as a legitimate cryptocurrency wallet interface. This elevated-risk threat employs deceptive UI clones to trick users into entering seed phrases or private keys under the guise of wallet connectivity. The domain’s behavior aligns closely with credential harvesting and fund theft targeting crypto users, warranting immediate caution.


This domain was flagged by PhishDestroy after VirusTotal reported just 1 out of 95 security vendors detecting the threat. It is registered through Cloudflare, Inc. and resolves to IP 172.66.46.220. The SSL certificate is issued by Google Trust Services, appearing to legitimize the site visually, while four blocklists including Polkadot, Codeesura, ScamSniffer, and Enkrypt have already blacklisted the domain. As of seed 3a4f9e, the domain remains live and actively serving phishing content.


To mitigate the risk of falling victim to fake Web3 wallet phishing via netnode.pages.dev, users must never enter private keys, seed phrases, or wallet passwords on any webpage linked from unsolicited messages, social media, or ads. Always verify URLs manually via official project websites and use hardware wallets or trusted software clients. If accidentally exposed, immediately revoke wallet access via blockchain explorers, rotate keys, and transfer remaining funds to a secure wallet. Report the domain to your browser’s security team and relevant crypto protection platforms like ScamSniffer or Chainabuse to help block further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.220

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["Polkadot", "Codeesura", "ScamSniffer", "Enkrypt"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/073f22a0-183c-49e4-bffc-82c7aaea5e43
- PhishDestroy: https://phishdestroy.io/domain/netnode.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/netnode.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/netnode.pages.dev/
Last updated: 2026-03-24