# scottytheai-web.pages.dev — SUSPICIOUS

> Domain scottytheai-web.pages.dev identified as an active crypto-drainer phishing site with a 2/95 VirusTotal detection rate. Immediate isolation advised.

## Summary

PhishDestroy identifies the domain scottytheai-web.pages.dev as an active crypto-drainer posing as an AI tool interface. The threat actor uses a decoy domain resembling a legitimate AI service, likely targeting cryptocurrency holders or traders seeking automated solutions. No specific drainer kit metadata (e.g., wallet addresses, JavaScript payloads) is currently available in public sources, but the domain’s infrastructure and hosting provider suggest a coordinated effort to mimic legitimate AI tooling for credential theft or cryptocurrency siphoning.

This domain exhibits multiple technical indicators of malicious intent. Only 2 of 95 security vendors on VirusTotal flag it, highlighting a gap in early detection despite its active status. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.97.3 and is associated with a Google Trust Services SSL certificate, adding a false veneer of legitimacy. Notably, this domain appears on two separate security blocklists and is actively blocked by Enkrypt and ScamSniffer, underscoring its malicious reputation. Additional telemetry suggests recent creation, though the exact date remains unverified in current feeds.

The current status of scottytheai-web.pages.dev is classified as active and elevated risk, with no evidence of takedown as of the latest assessment. Given its detection by multiple security vendors and blocklist inclusion, immediate isolation within enterprise environments is strongly recommended to prevent potential compromise. While the specific drainer kit remains unidentified, the domain’s infrastructure and SSL certificate issuance suggest an ongoing campaign targeting cryptocurrency users. Organizations are advised to block this domain at the network perimeter and review endpoint telemetry for any signs of prior interactions. Residual risk remains elevated due to the domain’s active status and the low initial detection rate on VirusTotal, necessitating continuous monitoring and proactive threat hunting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: Enkrypt, ScamSniffer

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/70564893-e141-41f5-bf27-07904aeb9eb5
- PhishDestroy: https://phishdestroy.io/domain/scottytheai-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/scottytheai-web.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/scottytheai-web.pages.dev/

Last updated: 2026-03-28