# hfggdfgj.pages.dev — SUSPICIOUS

> hfggdfgj.pages.dev hosts a crypto drainer phishing scam with 0/95 VirusTotal detections. Avoid this domain to prevent wallet theft now.

## Summary
PhishDestroy identifies hfggdfgj.pages.dev as an active crypto drainer scam, leveraging deceptive pages.dev subdomains to trick users into connecting crypto wallets. The threat level remains under investigation but poses imminent risk to cryptocurrency holders due to real-time asset exfiltration capabilities. This domain was flagged via seed 6b1407 and exhibits clear malicious intent.  

This domain resolves to IP 188.114.96.3 and operates under Cloudflare’s infrastructure, masking its true origin while maintaining a fraudulent SSL certificate issued by Google Trust Services. VirusTotal currently reports 0/95 detection engines flagging this page, indicating zero proactive protection despite its malicious nature. The use of pages.dev as a free hosting platform further demonstrates the threat actor’s exploitation of legitimate services to deploy crypto-stealing malware. No known blocklists or trust score mitigations exist for this domain as of the latest scan.  

Mitigation for crypto drainer scams requires immediate action: users should never connect wallets to unknown websites, verify domains via official channels, and enable hardware wallet signing for additional security. Block this IP (188.114.96.3) at the firewall level and report the domain to hosting providers (Cloudflare) and cryptocurrency platforms to prevent further exploitation. Always use wallet extensions with transaction simulation features to detect unauthorized transfers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0d8d7174-55ed-493d-9a28-695305255a70
- PhishDestroy: https://phishdestroy.io/domain/hfggdfgj.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hfggdfgj.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hfggdfgj.pages.dev/
Last updated: 2026-03-26