# satoshi-defi.pages.dev — SUSPICIOUS

> Satoshi-defi.pages.dev is a confirmed crypto drainer phishing site, flagged by 1 of 95 VirusTotal vendors. Check the full report.

## Summary

PhishDestroy identifies satoshi-defi.pages.dev as an active crypto drainer scam site designed to steal cryptocurrency from unsuspecting users. This domain is currently operational and is being actively used to deploy malicious JavaScript payloads that drain wallets connected via Web3 interfaces. The threat actor behind this campaign leverages deceptive branding and social engineering tactics to trick users into connecting their wallets, after which unauthorized transactions are executed without consent. The domain specifically impersonates legitimate decentralized finance (DeFi) platforms, making it particularly dangerous for users seeking yield farming or staking opportunities.

This domain was flagged by 1 of 95 VirusTotal security vendors, indicating limited—but present—detection of its malicious nature. It resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., which provides anonymity and protection to the threat actor. The domain uses a Google Trust Services SSL certificate to appear legitimate. According to available telemetry, this domain is part of a broader campaign using unique seed 78fcf1 to evade detection across multiple platforms. While the domain is relatively new and has not yet been widely blacklisted, its active status and deployment of crypto drainer scripts pose an elevated risk to users interacting with it.

As of the latest assessment, satoshi-defi.pages.dev remains active and should be considered highly dangerous. Users are strongly advised not to visit, interact with, or connect any wallets to this domain under any circumstances. Block this domain at the network level using updated threat intelligence feeds.

If you suspect exposure, immediately revoke any wallet connections via your wallet’s interface, transfer remaining assets to a secure wallet not previously exposed, and monitor for unauthorized transactions. Report the domain to your antivirus provider and relevant cybersecurity platforms to aid in takedown efforts. Exercise extreme caution when accessing DeFi platforms and verify URLs through official channels before any interaction.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/dde1e8f0-81a3-42a8-adde-7c311587c8c3
- PhishDestroy: https://phishdestroy.io/domain/satoshi-defi.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/satoshi-defi.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/satoshi-defi.pages.dev/

Last updated: 2026-04-01