# fgybth8683.pages.dev — SUSPICIOUS > Phishing domain fgybth8683.pages.dev identified as a crypto drainer, flagged by PhishDestroy. VirusTotal shows 0/95 detections. Avoid clicking links. ## Summary PhishDestroy identifies fgybth8683.pages.dev as an active crypto drainer domain designed to steal cryptocurrency from unsuspecting users. This page, hosted on Cloudflare Pages, mimics legitimate services to trick victims into connecting their digital wallets and approving malicious transactions. Once a user interacts with the page, the embedded JavaScript payload surreptitiously drains funds by exploiting wallet approval mechanisms, particularly targeting ERC-20 and other blockchain assets. The threat actor leverages Cloudflare’s infrastructure to obfuscate origin tracing and maintain operational uptime, making detection and mitigation challenging for standard security tools. This domain was flagged by PhishDestroy with a warning status after analysis revealed critical red flags: VirusTotal currently reports 0 detections out of 95 security engines, indicating minimal detection by antivirus and threat intelligence platforms. The domain resolves to IP address 172.66.44.179, which aligns with Cloudflare’s known IP ranges used for Pages hosting. The SSL certificate, issued by Google Trust Services, adds a veneer of legitimacy, potentially luring users into a false sense of security. As of scan time, the domain remains unblocked across major threat intelligence feeds, increasing exposure risk for visitors. Users who visited or interacted with fgybth8683.pages.dev are strongly advised to take immediate action to secure their assets. If a wallet connection was approved during the visit, revoke the suspicious permissions immediately through your wallet’s interface or via tools like Etherscan’s Token Approval Checker or Revoke.cash. Transfer any remaining funds to a newly generated wallet and consider moving assets to cold storage if possible. Clear browser cache and cookies, and perform a full antivirus scan. Report the domain to your wallet provider and relevant authorities (e.g., Chainalysis, FBI IC3) to aid in takedown efforts. Remain vigilant against unsolicited links and always verify URLs before engaging with any crypto-related service. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.179 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b3e101dd-1b54-479c-982d-e1eec04ee85e - PhishDestroy: https://phishdestroy.io/domain/fgybth8683.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/fgybth8683.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fgybth8683.pages.dev/ Last updated: 2026-03-24