# wallet-us-aavee.pages.dev — SUSPICIOUS

> PhishDestroy flags wallet-us-aavee.pages.dev for impersonating Aave. This Cloudflare-hosted domain resolves to 188.114.97.

## Summary
PhishDestroy identifies wallet-us-aavee.pages.dev as an active brand-impersonation domain targeting Aave users. This domain mimics the legitimate Aave platform to steal cryptocurrency credentials and funds. The threat actor leverages a drainer kit designed to siphon assets from unsuspecting victims who land on the fake interface. The domain’s infrastructure is hosted through Cloudflare, providing anonymity and resilience against takedown efforts.  

This domain was flagged by 2 out of 95 VirusTotal security vendors and is associated with the IP address 188.114.97.3. The SSL certificate is issued by Google Trust Services, adding a false sense of legitimacy to the phishing page. Registered through Cloudflare, Inc., the domain’s registration details are obscured, making attribution difficult. While the exact creation date is not disclosed in the available data, the domain is currently active and operational. The low detection rate on VirusTotal suggests that this threat may evade some automated defenses, increasing the risk of successful exploitation.  

As of the latest analysis, this domain remains active and poses an elevated risk to users who may be tricked into entering their Aave credentials. Immediate action includes blocking the domain and IP address at the network perimeter. Security teams should also monitor for any outbound connections to 188.114.97.3 and alert users to avoid interacting with wallet-us-aavee.pages.dev. The remaining risk is moderate due to the domain’s use of legitimate hosting services and SSL certificates, which can deceive users into believing the site is trustworthy. Continuous monitoring and proactive threat hunting are recommended to mitigate further exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Aave

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/wallet-us-aavee.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/wallet-us-aavee.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wallet-us-aavee.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wallet-us-aavee.pages.dev/
Last updated: 2026-04-10