# usdcdrainer.pages.dev — SUSPICIOUS > usdcdrainer.pages.dev is an active crypto drainer with only 1/95 vendors detecting it. Avoid interaction immediately. ## Summary PhishDestroy identifies usdcdrainer.pages.dev as an active crypto drainer impersonating legitimate digital asset services. This domain leverages Cloudflare-hosted infrastructure to evade traditional network defenses while delivering malicious payloads designed to siphon cryptocurrency from unsuspecting victims. The threat actor employs deceptive tactics including brand spoofing and social engineering to trick users into connecting compromised wallets or revealing seed phrases. Technical analysis reveals this domain resolves to IP 188.114.96.3 via Cloudflare's proxy network, with SSL certificates issued by Google Trust Services to maintain appearance of legitimacy. The infrastructure choice suggests sophisticated operational security measures to prolong operational lifespan while avoiding direct takedowns. This domain was flagged by VirusTotal with alarmingly low detection rates at exactly 1 out of 95 security vendors as of active monitoring, indicating minimal coverage against this emerging threat. Registered through Cloudflare, Inc., the domain utilizes Pages.dev subdomains—commonly abused for phishing campaigns due to their free hosting and rapid deployment capabilities. The technical indicators align with known crypto drainer campaigns that target blockchain users through fake airdrop sites, wallet drainers, and fraudulent NFT mints. The combination of low VT detection, Cloudflare hosting, and crypto-specific malicious intent elevates this threat to an elevated risk classification requiring immediate attention from both security researchers and everyday users. Users who visited usdcdrainer.pages.dev should immediately disconnect any connected wallets, revoke any approved permissions through blockchain explorers, and transfer remaining assets to fresh wallet addresses. Never enter seed phrases or private keys on any website, regardless of SSL indicators. Report this domain to your browser's safe browsing program and consider running a malware scan on your device. Enable transaction simulation tools in wallet interfaces to detect unauthorized outgoing transfers. Block this domain at network level if possible and inform your security team if this appeared in corporate environments. Stay vigilant for similar domains using cloud hosting services for crypto-related scams. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/812b316d-f5ba-4cb0-9f1b-f9077c4878be - PhishDestroy: https://phishdestroy.io/domain/usdcdrainer.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/usdcdrainer.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/usdcdrainer.pages.dev/ Last updated: 2026-03-22