# rexasfianceclaim.pages.dev — SUSPICIOUS

> rexasfianceclaim.pages.dev is a crypto drainer site; VirusTotal score 0/95. Check the full report for IOCs and safety guidance.

## Summary
PhishDestroy identifies rexasfianceclaim.pages.dev as an active crypto-draining domain under investigation for harvesting private keys and draining wallets. This site is configured as a drainer kit designed to trick users into signing malicious transactions under the guise of a fake fiancé claim process. Cloudflare’s Workers Pages platform hosts the payload, making takedown slower and obfuscation easier. No specific brand is mimicked, suggesting a generic social-engineering lure aimed at crypto holders seeking quick payouts or restitution claims.

Technical indicators confirm the threat’s stealth posture: VirusTotal shows 0 detections out of 95 scanners, the registrar is Cloudflare, Inc., and the site resolves to 188.114.97.3. SSL is issued by Google Trust Services, which does not indicate malicious intent but enables encrypted exfiltration. The domain is newly minted, lacking public blocklist entries, and remains unflagged by Google Safe Browsing as of seed 82dedb.

Current status is active with no known takedown. Users should treat this domain as hostile: avoid interaction, block the IP 188.114.97.3, and scan any recent transaction signatures for drainer signatures. Remaining risk is elevated due to zero detections and evasion of real-time blocklists, leaving wallets exposed until additional telemetry or signatures emerge.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2458e2bf-af13-49ef-bf9f-1830e05e32ab
- PhishDestroy: https://phishdestroy.io/domain/rexasfianceclaim.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/rexasfianceclaim.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rexasfianceclaim.pages.dev/
Last updated: 2026-04-01