# crypto-subscription.pages.dev — SUSPICIOUS > PhishDestroy identifies crypto-subscription.pages.dev as a cryptocurrency scam site. Hosted on Cloudflare’s CDN, it evades detection with 0/95 VirusTotal scans. ## Summary PhishDestroy has placed crypto-subscription.pages.dev under active investigation after identifying it as a cryptocurrency-themed phishing domain designed to steal digital assets through fake subscription traps. This domain masquerades as a legitimate crypto service, tricking users into connecting wallets or entering seed phrases under the guise of ‘subscription management’. Threat actors are leveraging Cloudflare Pages to rapidly deploy and modify the site, reducing takedown efficacy and evading real-time detection. This domain was flagged with 0 detections across 95 VirusTotal engines, indicating it currently bypasses mainstream security filters. It was registered through Cloudflare, Inc. and resolves to IP 172.66.47.136, secured by a Google Trust Services SSL certificate. Despite its fresh appearance, the infrastructure leverages reputable services to appear legitimate while hosting fraudulent content. The absence of early detection combined with the use of a trusted CDN highlights the sophistication of this threat actor’s tactics. Users who have visited crypto-subscription.pages.dev should immediately disconnect any connected wallets, revoke any token approvals granted to unknown domains, and run a malware scan on their devices. Do not enter any private keys, seed phrases, or wallet passwords on this site. Report the encounter to your wallet provider and consider rotating sensitive credentials. Block the domain at the network level if possible, and educate teams on recognizing similar crypto scams leveraging cloud services. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.136 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4ed4bf64-b52e-4f97-b1e3-6ec92d24f2f0 - PhishDestroy: https://phishdestroy.io/domain/crypto-subscription.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/crypto-subscription.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/crypto-subscription.pages.dev/ Last updated: 2026-03-22