# btcpx-static.pages.dev — SUSPICIOUS

> Beware: btcpx-static.pages.dev is a malicious Bitcoin phishing site with 0/95 VirusTotal detections. Check the full report for IOCs, risks, and remediation.

## Summary
PhishDestroy identifies btcpx-static.pages.dev as an active Bitcoin-themed phishing domain under investigation for credential harvesting and cryptocurrency theft. This fraudulent site mimics legitimate Bitcoin exchange interfaces to trick users into entering their login credentials or payment information. The domain leverages Cloudflare's infrastructure, resolving to IP 172.66.47.189 and utilizing a Google Trust Services SSL certificate to appear authentic. With zero detections on VirusTotal, this phishing page evades immediate detection while posing a significant threat to cryptocurrency users seeking to exploit market volatility.


Technical analysis confirms this domain was registered through Cloudflare, Inc., a common tactic among threat actors to obscure their true origin while benefiting from the provider's reputation. The site's SSL certificate, issued by Google Trust Services, adds a false sense of legitimacy, as users often associate HTTPS with security. Despite its current lack of detections on VirusTotal (0/95), this domain exhibits clear phishing characteristics, including a deceptive naming scheme (btcpx-static) that suggests a connection to Bitcoin or cryptocurrency platforms. The infrastructure's reliance on Cloudflare also allows for rapid domain rotation or takedown evasion, complicating mitigation efforts for security teams.


If you or your organization has visited btcpx-static.pages.dev, immediately cease interaction with the site and do not enter any credentials or financial information. Review your cryptocurrency wallet and exchange accounts for unauthorized transactions or login attempts. Clear your browser cache and cookies related to Bitcoin or cryptocurrency platforms to remove stored session data. Report the domain to your IT security team or relevant authorities, such as CISA or your national cybercrime unit, and consider using ad-blockers or DNS filtering solutions to block known malicious domains. Stay vigilant for follow-up phishing attempts, as threat actors often reuse compromised credentials across multiple platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.189

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dc67e97a-54d3-4922-92f5-c02a2cb44b5e
- PhishDestroy: https://phishdestroy.io/domain/btcpx-static.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/btcpx-static.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/btcpx-static.pages.dev/
Last updated: 2026-04-01