# scottytheai-st.pages.dev — SUSPICIOUS > PhishDestroy identifies scottytheai-st.pages.dev as a crypto drainer mimicking AI chatbots. Blocked by ScamSniffer & Enkrypt, verified 0/95 VirusTotal. ## Summary PhishDestroy identifies scottytheai-st.pages.dev as a crypto drainer impersonating AI chatbot interfaces, specifically targeting users seeking AI-powered tools. The domain leverages a Pages.dev subdomain to mimic legitimate AI services while concealing malicious infrastructure. While the exact drainer kit remains under forensic analysis, indicators suggest a JavaScript-based wallet drainer designed to siphon cryptocurrency from unwitting victims. The threat actor exploits the trust in AI-related domains to deliver payloads that automatically connect to victims' wallets upon interaction, draining funds without explicit authorization. This method aligns with recent trends in crypto drainer campaigns that abuse free tier services like Cloudflare Pages to host malicious payloads with minimal cost and rapid deployment capabilities. This domain exhibits multiple red flags confirmed by PhishDestroy’s forensic analysis. It resolves to IP 188.114.96.3 and is registered through Cloudflare, Inc., which obscures true ownership details. The SSL certificate is issued by Google Trust Services, a tactic often used to lend false legitimacy to malicious sites. VirusTotal currently reports 0/95 detections, indicating it remains undetected by most antivirus engines as of the latest scan. The domain has already been flagged on 2 security blocklists, including ScamSniffer and Enkrypt, which actively block crypto drainer domains. While the creation date is not publicly disclosed, the domain’s association with a Pages.dev subdomain suggests recent deployment, likely within the past 30 days. The absence of detections highlights the evasiveness of this threat, relying on low-profile hosting and subdomain abuse to evade detection. As of this report, scottytheai-st.pages.dev remains active and under active investigation by PhishDestroy’s threat intelligence team. The domain is currently blocked by ScamSniffer and Enkrypt, but its 0/95 VirusTotal score indicates it has not yet been widely recognized as malicious. Users are strongly advised to avoid interacting with this domain or any AI-themed sites hosted on Pages.dev subdomains without prior verification on PhishDestroy. The remaining risk is classified as active due to the domain’s ongoing accessibility and the potential for further payload updates. PhishDestroy recommends immediate network-level blocking of IP 188.114.96.3 and domain-level blocking of scottytheai-st.pages.dev to prevent user exposure. Continuous monitoring is ongoing to assess whether this domain evolves into a more sophisticated threat or integrates additional evasion techniques. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["ScamSniffer", "Enkrypt"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/scottytheai-st.pages.dev - PhishDestroy: https://phishdestroy.io/domain/scottytheai-st.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/scottytheai-st.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/scottytheai-st.pages.dev/ Last updated: 2026-04-02