# presale.pages.dev — SUSPICIOUS

> presale.pages.dev is a crypto drainer phishing domain with 0/95 VirusTotal detections. Avoid entering crypto wallet credentials or connecting wallets to this.

## Summary
PhishDestroy identifies presale.pages.dev as an active crypto drainer phishing domain. The domain is currently under investigation but remains unflagged by security vendors, posing an immediate risk to cryptocurrency users. This threat involves malicious websites designed to drain funds from connected wallets by tricking users into approving malicious transactions or revealing private keys. The domain leverages Google Trust Services SSL certificates to appear legitimate, a common tactic among cybercriminals to bypass browser warnings.  The domain resolves to IP 172.66.47.201, which is registered through Cloudflare, Inc., a legitimate hosting provider often abused by threat actors for anonymity. VirusTotal currently shows 0/95 detections, indicating no proactive blocking by antivirus or security vendors as of this report. The use of Google Trust Services SSL certificates further complicates detection, as these certificates are widely trusted by browsers. The domain's Pages.dev subdomain suggests it may be part of a larger campaign targeting users through deceptive presale offers, a common lure in crypto drainer schemes.  Mitigation for this crypto drainer threat involves immediate avoidance of the domain and any associated links. Users should never connect cryptocurrency wallets or enter private keys or seed phrases on untrusted websites. Verify the legitimacy of presale offers through official channels, such as the project's verified website or social media accounts. If accidental interaction occurs, users should revoke any wallet connections immediately and transfer funds to a secure wallet. Additionally, report the domain to security vendors and block it at the network level to prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.201

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/07377f0d-5668-4f9a-b8a9-2001ee352a32
- PhishDestroy: https://phishdestroy.io/domain/presale.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/presale.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/presale.pages.dev/
Last updated: 2026-03-30