# gfxdfnjytddbgfy.pages.dev — SUSPICIOUS

> gfxdfnjytddbgfy.pages.dev is a crypto drainer phishing site with 0/95 VirusTotal detections. This malicious domain impersonates a cryptocurrency giveaway to.

## Summary

PhishDestroy identifies the active phishing domain gfxdfnjytddbgfy.pages.dev (seed 73b9ab) as a cryptocurrency drainer masquerading as a bogus 'crypto giveaway' scheme. The threat actor utilizes a spoofed reward mechanism to deceive victims into connecting their wallets, enabling the drainer kit to siphon cryptocurrency assets directly. No specific drainer kit fingerprint has been publicly released, but the infrastructure is consistent with known crypto-draining operations leveraging cloud-based page hosting to evade traditional security controls.

gfxdfnjytddbgfy.pages.dev exhibits the following technical indicators: the domain resolves to IP 172.66.47.100, is registered through Cloudflare, Inc., and holds a Google Trust Services SSL certificate. According to VirusTotal, the domain currently shows 0 out of 95 detection engines flagging it as malicious. The domain is newly registered and hosted via Cloudflare Pages, a platform commonly used by threat actors to rapidly deploy and rotate malicious pages. As of this report, the domain has not been flagged by Google Safe Browsing (GSB) and does not appear on major blocklists, which may indicate recent deployment and low dwell time.

This domain remains active and under investigation, with a current risk level classified as 'under_investigation.' PhishDestroy recommends immediate blocking of both the domain and its resolving IP address (172.66.47.100) at the network perimeter. Users are advised to avoid interaction with the site and to verify all cryptocurrency-related giveaways through official channels only. While detection rates remain low, the threat actor’s use of legitimate cloud infrastructure and SSL certificates increases the potential for successful phishing operations. Continuous monitoring and proactive threat hunting are recommended to prevent asset loss and mitigate risk.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.100

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/gfxdfnjytddbgfy.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/gfxdfnjytddbgfy.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/gfxdfnjytddbgfy.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gfxdfnjytddbgfy.pages.dev/

Last updated: 2026-04-04