# networklayers.pages.dev — SUSPICIOUS

> networklayers.pages.dev is a live crypto drainer impersonating Network Layers. Verify safety on PhishDestroy before clicking — VT score 0/95, Cloudflare-hosted.

## Summary
PhishDestroy identifies networklayers.pages.dev as an active crypto drainer domain impersonating Network Layers services. The site is hosted under a Cloudflare Pages subdomain and resolves to IP 172.66.44.134, indicating use of Cloudflare’s infrastructure. No specific drainer kit signature has been extracted yet, but the domain’s behavior aligns with JavaScript-based wallet drainers targeting crypto users.  

This domain was flagged by PhishDestroy’s automated pipeline using seed 436470. VirusTotal currently shows 0/95 detections, indicating it remains under the radar of most antivirus engines. The domain was registered through Cloudflare, Inc., and leverages a Google Trust Services SSL certificate to appear legitimate. No creation date was retrieved in this scan, but the Pages.dev subdomain suggests recent deployment. Given the 0/95 VT score and lack of blocklist entries, this threat is currently classified as under investigation with active status.  

As of this report, networklayers.pages.dev remains accessible and operational, posing a high risk to users who interact with it. PhishDestroy recommends immediate blocking of the domain and IP 172.66.44.134 at the network perimeter. Users are advised to verify any links related to Network Layers using PhishDestroy’s verification tool before clicking. The remaining risk is assessed as high due to undetected status on VirusTotal and active deployment, with potential for rapid expansion if not mitigated promptly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.134

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/91df22c1-81b4-4757-b9ae-422247b18a8c
- PhishDestroy: https://phishdestroy.io/domain/networklayers.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/networklayers.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/networklayers.pages.dev/
Last updated: 2026-03-27