# bit-3dh.pages.dev — SUSPICIOUS

> Is bit-3dh.pages.dev safe? This Cloudflare-hosted crypto drainer phishing site has 0/95 VirusTotal detections. Act now to block this threat.

## Summary
PhishDestroy identifies bit-3dh.pages.dev as an active crypto drainer phishing domain currently under investigation for generic phishing activities. This Cloudflare Pages deployment resolves to IP 172.66.44.149 using a Let's Encrypt SSL certificate, indicating an attempt to appear legitimate while exfiltrating cryptocurrency wallet credentials. The domain's structure mimics legitimate services, with particular focus on crypto-related operations that could deceive users into connecting malicious wallet interfaces. Security researchers should treat this as a high-priority threat due to its active status and zero detection rate across major antivirus engines.  This domain was flagged with 0 detections out of 95 VirusTotal scans, registered through Cloudflare, Inc. with IP resolution to 172.66.44.149. The Let's Encrypt SSL certificate suggests an attempt to establish trustworthiness while hosting malicious content. The specific threat involves crypto drainer functionality, where victims' wallet connections would automatically transfer funds to attacker-controlled addresses without requiring private key extraction. The domain's pages.dev subdomain indicates an attempted exploitation of Cloudflare's legitimate service to host malicious content while maintaining operational security through Cloudflare's infrastructure.  Users who visited bit-3dh.pages.dev should immediately disconnect any connected wallets, revoke any approved permissions through their wallet interface, and transfer remaining funds to a newly generated address. Scan all devices that accessed this domain for malware, particularly browser extensions that might capture wallet credentials. Report any unauthorized transactions to your wallet provider and local cybercrime units. Add the domain to your browser's blocklist and DNS blacklists while monitoring for related domains that may share infrastructure. Consider enabling hardware wallet signing for all transactions to prevent automatic fund transfers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.149

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c287ad45-e217-404e-bca4-1d2eb0c15dfd
- PhishDestroy: https://phishdestroy.io/domain/bit-3dh.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bit-3dh.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bit-3dh.pages.dev/
Last updated: 2026-03-31