# claimbtfd.pages.dev — SUSPICIOUS

> claimbtfd.pages.dev is a known crypto drainer domain with 1/95 VirusTotal detections. Avoid interacting with this site to protect crypto assets.

## Summary

PhishDestroy identifies claimbtfd.pages.dev as an active crypto drainer posing an elevated risk to cryptocurrency holders. This domain is engineered to deceive users into connecting their wallets and authorizing fraudulent transactions, resulting in the unauthorized transfer of digital assets. The threat actor behind this campaign leverages cloud-based infrastructure and legitimate-looking subdomains to evade detection and exploit user trust.

This domain was flagged by one security vendor out of 95 on VirusTotal, indicating low initial detection but high potential for harm once flagged by more tools. It resolves to IP 172.66.44.87 and is registered through Cloudflare, Inc., utilizing Google Trust Services for its SSL certificate—common tactics to enhance legitimacy and encryption coverage. Despite these superficial validations, no legitimate service operates under this domain, and all blockchain interaction should be avoided.

The technical profile of claimbtfd.pages.dev reveals a high-risk configuration. VirusTotal’s analysis shows only 1 security vendor detecting malicious content as of the time of this report, suggesting that signature-based defenses have not yet widely identified the payload. The domain is hosted on Cloudflare’s Pages platform, which provides fast global delivery but is frequently abused by threat actors due to Cloudflare’s legitimate reputation and free tier availability. The associated IP address, 172.66.44.87, is part of Cloudflare’s infrastructure, specifically within the 172.66.0.0/16 range, which is consistent with dynamically assigned edge nodes rather than dedicated hosting—further reducing traceability.

The domain exhibits no known presence on major threat intelligence blocklists such as Google Safe Browsing, PhishTank, or OpenPhish, likely due to its recent deployment or low detection rate. Additionally, the domain’s SSL certificate issued by Google Trust Services adds a false veneer of security, even though the certificate itself is valid. This combination of cloud hosting, low detection, and encrypted traffic highlights a sophisticated and evasive threat designed to exploit user trust and lack of visibility.

To mitigate the risk posed by claimbtfd.pages.dev, users must exercise extreme caution when encountering any domain ending in .pages.dev or similar cloud-based subdomains offering financial or crypto-related services. Never connect a cryptocurrency wallet to an untrusted website, even if it appears legitimate or uses HTTPS. Always verify the authenticity of a platform by checking official social media, app stores, or direct links from known legitimate sources. Use hardware wallets or multi-signature wallets to limit exposure, and enable transaction approval notifications where possible. Blockchain explorers should be used to monitor wallet activity in real time, and any unauthorized transactions must be reported immediately to the relevant exchange or wallet provider. Finally, report suspicious domains like claimbtfd.pages.dev to threat intelligence platforms such as VirusTotal, URLScan, and PhishDestroy to improve collective defense. Staying vigilant against crypto drainers requires skepticism, verification, and the use of trusted security tools.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.87

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a6b64d7c-eb97-4d8b-a8ea-44e1dcbe3ae0
- PhishDestroy: https://phishdestroy.io/domain/claimbtfd.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/claimbtfd.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/claimbtfd.pages.dev/

Last updated: 2026-03-22