# pgrapplp.pages.dev — SUSPICIOUS > pgrapplp.pages.dev hosts a crypto drainer posing as a legitimate service. VirusTotal shows 0/95 detections. Avoid visiting and check your wallet. ## Summary PhishDestroy identifies pgrapplp.pages.dev as a crypto drainer impersonating a trusted application. This domain was flagged due to its use of obfuscated JavaScript designed to siphon cryptocurrency from unsuspecting users’ wallets. The site leverages Cloudflare’s infrastructure to obscure its origins while presenting a facade of legitimacy, likely targeting users familiar with decentralized applications or wallet integrations. Technical analysis reveals that the domain resolves to IP 172.66.44.107, which is associated with Cloudflare’s proxy network, a common tactic to evade direct takedowns and maintain operational uptime. The SSL certificate issued by Google Trust Services adds a veneer of authenticity, tricking users into believing the site is secure. Evidence supporting this assessment includes the domain’s registration through Cloudflare, Inc., a lack of detections on VirusTotal (0 out of 95 scans), and its active status on the internet. While the exact creation date of pgrapplp.pages.dev is not publicly disclosed, its association with Cloudflare’s Pages service suggests a recent deployment, likely within the past few weeks. The absence of detections on VirusTotal does not indicate safety; rather, it reflects the evasive techniques employed by the threat actors, who frequently rotate domains and obfuscate payloads to bypass conventional security measures. This domain has not yet been widely blocked by threat intelligence platforms, making it a latent but high-risk threat to cryptocurrency users. If you have visited pgrapplp.pages.dev, immediately disconnect any connected wallets, revoke any permissions granted to suspicious domains, and transfer your assets to a new wallet with a fresh seed phrase. Do not enter any private keys, seed phrases, or wallet passwords on this site. Use a browser extension like uBlock Origin to block known malicious domains and consider enabling hardware wallet signing for additional security. Report the domain to your antivirus provider and to platforms like PhishDestroy or URLVoid to aid in future takedown efforts. Stay vigilant for unusual transaction requests or unauthorized fund movements, as crypto drainers often operate silently until the damage is done. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.107 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/951e797e-cca8-4e49-ba40-2e12f4041618 - PhishDestroy: https://phishdestroy.io/domain/pgrapplp.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/pgrapplp.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pgrapplp.pages.dev/ Last updated: 2026-04-01