# btcme.pages.dev — SUSPICIOUS > btcme.pages.dev is a crypto drainer phishing site with 0/95 VirusTotal detections. This fraudulent domain impersonates Bitcoin services to steal cryptocurrency. ## Summary PhishDestroy identifies btcme.pages.dev as an active crypto drainer phishing domain designed to deceive users into transferring cryptocurrency to attacker-controlled wallets. This domain leverages Cloudflare’s infrastructure and Google Trust Services SSL certificates to appear legitimate, while its true intent is to exploit trust in Bitcoin-related services for financial theft. The threat actor behind this campaign uses pages.dev subdomains to rapidly deploy and rotate malicious infrastructure, making detection and takedowns challenging for security teams. Users interacting with this site risk irreversible cryptocurrency losses, as funds sent to connected wallets are irrecoverable once confirmed on the blockchain. This domain was flagged by PhishDestroy with the unique seed identifier 591164. VirusTotal analysis shows 0 out of 95 security vendors have detected this site as malicious, highlighting the evasive nature of the threat. The domain resolves to IP address 188.114.96.3, which is associated with Cloudflare's hosting infrastructure. SSL certificates issued by Google Trust Services further enhance the domain’s credibility, tricking users into believing the site is secure. Given the lack of detection on VirusTotal, this phishing campaign likely operates under the radar, targeting unsuspecting cryptocurrency users who may overlook subtle red flags such as misspellings or unusual subdomains. If you have visited btcme.pages.dev or entered any cryptocurrency wallet credentials, disconnect your wallet from the site immediately and revoke any unauthorized connections using your wallet’s security settings. Do not transfer additional funds or approve transactions from this domain under any circumstances. Report the incident to your wallet provider and monitor your transaction history for unauthorized activity. If you suspect exposure of private keys or seed phrases, transfer remaining funds to a new wallet and consider it compromised. Always verify URLs, avoid clicking unsolicited links, and use reputable security tools to scan for malicious activity. This domain should be added to browser-based blocklists and shared threat intelligence feeds to protect others from falling victim to this crypto drainer campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/342682ee-6dc9-4299-b27c-bd94b4b51ad0 - PhishDestroy: https://phishdestroy.io/domain/btcme.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/btcme.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/btcme.pages.dev/ Last updated: 2026-03-26