evmnode.pages[.]dev
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of evmnode.pages[.]dev
The domain evmnode.pages[.]dev appears to host a cryptocurrency- or Web3-themed landing page presented as an "advanced AI decentralized protocol" or wallet-related service. Based on the screenshot, the page prominently encourages visitors to connect a crypto wallet and displays recognizable wallet options such as WalletConnect, MetaMask, Trust Wallet, Exodus, and Coinbase, along with logos associated with crypto information platforms and communities.
The site appears to be delivered through a pages.dev subdomain, which is commonly used for static site hosting on a shared cloud platform rather than as a standalone branded domain. No clear operator identity, company details, or organizational ownership are evident from the provided scan data, which makes it difficult to verify who runs the service or whether it has any official relationship with the wallet brands and crypto logos shown on the page.
Safety Assessment for evmnode.pages[.]dev
This website raises notable concerns based on the available scan results. At the time of this scan, 4 out of 94 security engines flagged the URL, with detections broadly indicating phishing or malicious behavior. In addition, a malware scan reported a malicious threat level and flagged 9 of 10 scanned files as malicious or suspicious, including JavaScript resources and assets associated with the wallet-connection workflow. The same scan also identified a referenced domain tied to a generic malicious object finding.
The screenshot adds further risk context because the page centers on prompting users to connect cryptocurrency wallets, a pattern frequently associated with wallet-draining or credential-harvesting campaigns when presented by unverified sites. The use of a generic hosted subdomain, lack of visible operator information, and branding references to well-known wallet products without clear attribution may increase the likelihood of deceptive intent. Although some blacklist databases did not list the site and no threats were detected by certain browsing protection feeds at the time of this scan, those clean results do not outweigh the multiple phishing and malicious indicators present here.
Based on these findings, this website may pose potential risks to visitors, particularly anyone considering connecting a cryptocurrency wallet or approving blockchain transactions.
Technical Description
The site is hosted behind Cloudflare infrastructure on IP space associated with a shared content delivery and reverse-proxy network, with hosting geolocated to Toronto, Canada. It presents a valid TLS certificate issued by a mainstream certificate authority and expiring in July 2026. The domain uses Cloudflare nameservers and is registered through Cloudflare's registrar. DNSSEC appears to be unsigned at the time of this scan.
From a security perspective, the presence of valid HTTPS should not be treated as a trust signal by itself, since malicious or deceptive pages can also use properly configured TLS. More relevant concerns are the multiple suspicious or malicious script findings, the presence of iframes, and the wallet-connection interface shown in the screenshot. The use of a shared pages.dev subdomain also means the hosting environment is low-friction and can be used for rapidly deployed campaign pages.
Share your experience with this website. Was it safe? Did you encounter any issues?