# safedao.pages.dev — SUSPICIOUS

> safedao.pages.dev hosted on Cloudflare, flagged by Enkrypt for impersonation phishing. Check the full report now to assess risk.

## Summary
PhishDestroy identifies safedao.pages.dev as an active impersonation phishing domain designed to mimic legitimate DAO portals. Hosted on Cloudflare Pages with Google Trust Services SSL, the site leverages deceptive branding to trick users into connecting wallets or submitting credentials. Risk level remains elevated due to persistent phishing TTPs noted across multiple security stacks.

Security telemetry confirms exposure across the attack surface with VirusTotal reporting detection by only 1 out of 95 engines, a clear indicator of low signature coverage despite community awareness. Registrar data ties the domain to Cloudflare, Inc., resolving to 172.66.44.71, while cross-referencing against Enkrypt and ScamSniffer blocklists confirms malicious categorization. The Google Trust Services certificate grants superficial legitimacy, masking credential harvesting attempts under HTTPS encryption.

Mitigation pivots on immediate domain blocking and user advisories against wallet connections or login prompts. Organizations should push IOCs (172.66.44.71, safedao.pages.dev) into egress filters and browser policies, disable autofill on crypto-related forms, and verify site authenticity via official DAO channels. Wallet extensions such as Enkrypt or ScamSniffer should be enabled to blocklisted domains to preempt user interaction. PhishDestroy recommends treating this as active, ongoing phishing infrastructure requiring swift containment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.71

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/31297bcb-9b0c-4a9e-861a-7779af9d596c
- PhishDestroy: https://phishdestroy.io/domain/safedao.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/safedao.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/safedao.pages.dev/
Last updated: 2026-03-28