# cartelflive.pages.dev — SUSPICIOUS

> Investigating cartelflive.pages.dev as a cryptocurrency drainer phishing site hosted on Cloudflare with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies cartelflive.pages.dev as a currently active cryptocurrency drainer phishing domain under investigation as of seed 05702c. The domain mimics legitimate services to trick users into connecting cryptocurrency wallets and authorizing fraudulent transactions. No specific brand or drainer kit has been openly attributed to this domain in public threat intelligence feeds at this stage of analysis. The operational approach suggests a generic but effective social engineering strategy targeting cryptocurrency users through deceptive web pages hosted on a legitimate cloud platform.  This domain resolves to IP address 172.66.44.229 and is registered through Cloudflare, Inc., utilizing Google Trust Services SSL certificates for added legitimacy. As of current analysis, VirusTotal reports 0 detections out of 95 engines, indicating evasion of signature-based detection mechanisms. Registered via Cloudflare's pages.dev service, the domain shows no presence on Google Safe Browsing lists and has not been observed on major threat blocklists, suggesting recent deployment or low prior exposure. Technical indicators include a legitimate SSL certificate provider and CDN infrastructure, complicating initial identification for end-users and automated security systems.  Current status is classified as active with risk level under investigation. Immediate containment involves user awareness and domain blocking at network and endpoint levels. Response actions include updating firewall rules, DNS sinkholing, and distributing IOCs to threat intelligence partners for accelerated detection. Remaining risk is assessed as moderate due to low detection coverage, reliance on user trust in cloud platforms, and the domain's deployment on a reputable infrastructure provider. Users are advised to treat any unsolicited links to cartelflive.pages.dev with extreme caution, verify all domains before wallet connections, and report suspicious transactions immediately to mitigate potential losses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.229

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4c288b09-afd5-42b0-a70c-ba452729e1ab
- PhishDestroy: https://phishdestroy.io/domain/cartelflive.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/cartelflive.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cartelflive.pages.dev/
Last updated: 2026-03-22