# hlp-trdge-brge.pages.dev — SUSPICIOUS > Phishing domain hlp-trdge-brge.pages.dev distributing a crypto drainer kit with 0/95 VirusTotal detection. Check the full report. ## Summary PhishDestroy identifies an active crypto drainer kit phishing campaign targeting cryptocurrency users via the domain hlp-trdge-brge.pages.dev. This Pages.dev subdomain is currently hosting a fraudulent web interface designed to deceive victims into connecting cryptocurrency wallets and approving malicious token approvals. The campaign exhibits characteristics of a generic but developing drainer kit, likely intended for credential harvesting and unauthorized fund transfers from compromised wallets. No specific brand impersonation or known drainer family has been confirmed at this stage, warranting further behavioral analysis. This domain resolves to IP address 172.66.47.59 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, indicating the use of legitimate infrastructure to evade detection. As of the latest scan, VirusTotal reports 0 detections out of 95 engines, confirming this threat remains undetected by most security platforms. No blocklist entries were found during initial queries, and the domain was created very recently. Given the absence of prior reputation, this domain presents a high-risk entry point for phishing attacks. The domain is currently active and under continuous monitoring. No known takedown or remediation actions have been applied. As the campaign evolves, the risk level remains under investigation, but early indicators suggest potential for significant financial harm to unsuspecting cryptocurrency users. Users are strongly advised to avoid accessing this domain and to enable transaction simulation tools, multi-signature wallets, and real-time transaction alerts as safety measures. Security teams should monitor for wallet connection attempts to domains matching this pattern. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.59 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ee37d0b1-5231-48b4-ac35-cb39051290e4 - PhishDestroy: https://phishdestroy.io/domain/hlp-trdge-brge.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/hlp-trdge-brge.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hlp-trdge-brge.pages.dev/ Last updated: 2026-03-25