# satoshidex-web.pages.dev — SUSPICIOUS

> satoshidex-web.pages.dev is a crypto drainer impersonating SatoshiDEX. VirusTotal shows 0/95 detections. Avoid interactions immediately.

## Summary

PhishDestroy identifies satoshidex-web.pages.dev as an active crypto drainer campaign hosted on Cloudflare Pages, designed to trick cryptocurrency users into connecting wallets and draining funds. This domain is part of a broader pattern where threat actors leverage legitimate hosting providers like Cloudflare to deploy malicious pages that mimic legitimate crypto platforms such as SatoshiDEX. The attackers exploit the trust in well-known hosting services to bypass traditional security filters, increasing the likelihood of user engagement.

Technical analysis confirms the domain resolves to IP 188.114.97.3, a Cloudflare IP address commonly associated with such deceptive deployments. This domain was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category, indicating a high potential for deception. VirusTotal analysis shows 0 detections out of 95 engines at the time of investigation, suggesting this campaign remains under the radar of most antivirus solutions. The domain is registered through Cloudflare, Inc., a legitimate registrar, which further complicates detection efforts. Additionally, the SSL certificate is issued by Google Trust Services, adding a false sense of legitimacy. The domain is part of Cloudflare Pages, a legitimate service that allows developers to deploy static websites quickly, but in this case, it is abused to host malicious content. The lack of detections and the use of legitimate infrastructure highlight the sophistication of this threat and the challenges in mitigating such campaigns.

Users who have visited satoshidex-web.pages.dev should immediately disconnect any connected wallets, revoke any permissions granted to suspicious domains, and run a full system scan using reputable antivirus software. Avoid interacting with any prompts for wallet connections or fund transfers on this domain. If funds were stolen, report the incident to local law enforcement and relevant cryptocurrency authorities. Monitor wallet addresses for unauthorized transactions and consider transferring remaining assets to a cold wallet for enhanced security. Always verify the authenticity of crypto platforms by cross-checking URLs, SSL certificates, and official communication channels before engaging.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/58998a5d-7d32-4d79-84d9-684d7564c8d4
- PhishDestroy: https://phishdestroy.io/domain/satoshidex-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/satoshidex-web.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/satoshidex-web.pages.dev/

Last updated: 2026-03-29