# nodeasstmain.pages.dev — SUSPICIOUS > nodeasstmain.pages.dev is a live crypto drainer impersonating NodeAsst services. 1/95 VirusTotal engines flag it. Avoid transactions immediately. ## Summary PhishDestroy identifies the active domain nodeasstmain.pages.dev as a crypto-draining phishing page masquerading as NodeAsst services, employing a drainer kit to siphon on-chain assets without user consent. The URL leverages Cloudflare Pages hosting to serve a web3 threat aimed at tricking users into connecting crypto wallets and signing malicious transactions. This campaign targets victims through social media, messaging, and spoofed support channels, redirecting through obfuscated JavaScript to execute drainer logic upon wallet connection. The domain does not represent any legitimate NodeAsst infrastructure and should be treated as hostile to cryptocurrency funds. This domain was flagged on 1/95 VirusTotal scanners as of latest scan. It was registered through Cloudflare, Inc. and resolves to IP 172.66.46.238. Google Safe Browsing (GSB) currently lists this domain as unsafe, and it appears on 1 known security blocklist maintained by ScamSniffer. While definitive creation date is not provided in public WHOIS, the domain’s infrastructure footprint matches recent drainer campaigns operating via Cloudflare Pages. The presence of a Google Trust Services SSL certificate adds superficial legitimacy but does not validate the domain’s intent, a common tactic among modern crypto drainers to bypass browser warnings. The low VT detection rate (1/95) likely reflects the short operational window and targeted nature of the campaign, which often fly under the radar until widespread reports emerge. Current status: this domain remains active as per threat intelligence feeds, with ScamSniffer actively blocking known paths and GSB labeling it malicious. Immediate defensive actions include network-level blocking of the domain and IP, user advisories to avoid wallet connections, and wallet providers updating filter lists to reject drainer signatures. However, residual risk persists due to the rapid deployment of similar domains via Cloudflare Pages and the use of trusted SSL issuers. Users are strongly advised to verify any NodeAsst-related links through official channels only, disable auto-connect features in wallets, and monitor on-chain activity for unauthorized transfers. Until the campaign is fully dismantled, elevated risk of asset loss continues for users exposed to this domain. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.238 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4776124c-7ebf-4556-8f98-1147af8cc2f1 - PhishDestroy: https://phishdestroy.io/domain/nodeasstmain.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/nodeasstmain.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nodeasstmain.pages.dev/ Last updated: 2026-03-22