# purchase1-blockdag-networks.pages.dev — SUSPICIOUS

> PhishDestroy identifies purchase1-blockdag-networks.pages.dev as an active crypto drainer impersonating BlockDAG. VirusTotal flags 3/95 vendors.

## Summary
PhishDestroy identifies purchase1-blockdag-networks.pages.dev as a live crypto drainer domain masquerading as BlockDAG. The page leverages Cloudflare Pages hosting to deliver a malicious script aimed at siphoning crypto-assets from unsuspecting wallet holders who click through from social-engineering posts promising early token access. The campaign is currently reaching users via Twitter/X posts that direct clicks to the deceptive landing page; no traditional brand-login spoofing is observed, indicating a pure crypto-drainer operation rather than credential theft or classic brand impersonation.


Technical indicators collected on 2024-06-12 show a VirusTotal detection ratio of 3/95 security vendors, a Google Trust Services SSL certificate, Cloudflare, Inc. as registrar, and a Cloudflare-resolved IP address of 188.114.96.3. The seed-abuse fingerprint 6fefe5 does not yet align with known drainer kit families in ThreatFox or MalwareBazaar, suggesting either a new or heavily obfuscated loader. As of this analysis, the domain remains unlisted on major blocklists including Google Safe Browsing and PhishTank, but it is being tracked under seed 6fefe5 for rapid takedown coordination.


The domain is ACTIVE and shows no signs of voluntary shutdown; users who have already interacted should revoke any wallet approvals granted to the domain’s scripts via wallet settings and transfer remaining assets to a clean address. Block network-level rules at 188.114.96.3, then report the URL to Cloudflare Abuse and the hosting provider. Remaining risk is elevated until Cloudflare removes the Pages project or the underlying script is neutralized; exercise extreme caution when encountering any link containing blockdag-networks.pages.dev.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9513cacd-f088-4e4a-98dc-c74fe17628be
- PhishDestroy: https://phishdestroy.io/domain/purchase1-blockdag-networks.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/purchase1-blockdag-networks.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/purchase1-blockdag-networks.pages.dev/
Last updated: 2026-03-24