# polkadotnet.pages.dev — SUSPICIOUS > Investigating polkadotnet.pages.dev as an active crypto drainer phishing domain flagged by 1 of 95 VirusTotal vendors. Resolves to 188.114.97.3. ## Summary PhishDestroy identifies active crypto drainer campaign linked to polkadotnet.pages.dev. This threat operates under a generic phishing classification with elevated risk status as of current analysis. The domain leverages brand impersonation targeting Polkadot (DOT) cryptocurrency users by deploying malicious drainer scripts designed to siphon wallet funds through deceptive transaction approvals. The infrastructure is currently live and distributing payloads via Cloudflare Pages, indicating ongoing operational status. This domain was flagged by 1 of 95 VirusTotal security vendors on initial scan. It is registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3, which is associated with Cloudflare’s hosting infrastructure. The SSL certificate is issued by Google Trust Services, providing a false sense of legitimacy. The domain was created recently and shows no prior inclusion on major blocklists, contributing to its elevated threat profile. Trust scores from external scanning engines remain critically low, reinforcing the malicious intent. As of this investigation, polkadotnet.pages.dev remains active and poses immediate risk to cryptocurrency users engaging with Polkadot ecosystem platforms. Users accessing this domain or any linked pages risk unauthorized wallet access, token theft, and credential compromise. Security teams and users are advised to block the domain at DNS and network levels, avoid all associated URLs, and report the domain to threat intelligence platforms such as VirusTotal, AbuseIPDB, and PhishDestroy. Additionally, users should verify all Polkadot-related communications via official channels only and enable hardware wallet verification for transaction signing. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/polkadotnet.pages.dev - PhishDestroy: https://phishdestroy.io/domain/polkadotnet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/polkadotnet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/polkadotnet.pages.dev/ Last updated: 2026-04-11