# app-benqi-fi.pages.dev — SUSPICIOUS

> PhishDestroy flags app-benqi-fi.pages.dev as a crypto drainer posing as Benqi Finance. VirusTotal detected 1 of 95 vendors. Block this domain now.

## Summary

PhishDestroy identifies app-benqi-fi.pages.dev as an active crypto-draining phishing domain targeting Benqi Finance users. The elevated risk stems from its use of a lookalike Benqi Finance interface to trick victims into connecting wallets and granting malicious token approvals. This domain was flagged on live telemetry feeds and exhibits classic drainer behaviors, including the immediate siphoning of token balances upon wallet connection.

This domain resolves to IP 172.66.47.4 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, which may lend a false sense of legitimacy to unsuspecting users. VirusTotal shows only 1 out of 95 security vendors currently detecting the threat, indicating low coverage in automated defenses. The domain is hosted on Cloudflare Pages, leveraging the platform’s infrastructure to rapidly deploy and rotate phishing pages while evading takedown efforts. Historical blocklist checks reveal this domain has not yet been widely blacklisted, increasing the likelihood of successful victim engagement.

Crypto-draining phishing sites like app-benqi-fi.pages.dev rely on social engineering and urgent language to pressure users into connecting wallets and signing malicious transactions. Typical signs include requests for wallet connections outside official dApps, unexpected token approval prompts, and immediate balance drains after approval. Users should always verify URLs against official sources, use hardware wallets for high-value transactions, and revoke suspicious token approvals via reputable tools such as Etherscan or Rabby Wallet. Organizations should deploy real-time domain monitoring, block known drainer IPs, and educate users on recognizing crypto-specific phishing tactics.

Immediate action is advised: block this domain at the network perimeter and warn Benqi Finance users of this ongoing threat.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.4

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fcf033a3-3033-4f8d-b058-b1d682abd7ae
- PhishDestroy: https://phishdestroy.io/domain/app-benqi-fi.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-benqi-fi.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/app-benqi-fi.pages.dev/

Last updated: 2026-03-22