# tensorsuitewe-3gk.pages.dev — SUSPICIOUS

> PhishDestroy warns tensorsuitewe-3gk.pages.dev is an active crypto drainer site masquerading as a login portal.

## Summary
PhishDestroy identifies tensorsuitewe-3gk.pages.dev as a recently activated crypto-draining portal that pretends to be a secure login page. When visited, the site attempts to trick users into connecting crypto wallets under the guise of authentication, then silently drains assets to attacker-controlled addresses. The page leverages a Cloudflare front-end at 172.66.47.4, served over a Google-trusted SSL certificate to appear legitimate. Two of ninety-five VirusTotal security vendors already flag the domain as malicious, indicating early-stage but high-confidence detection of its malicious payload.  This domain was flagged by PhishDestroy on 2025-05-15 with creation date within the same week. It is registered through Cloudflare, Inc., which is frequently abused to host short-lived malicious sites behind fast-flux IP rotation. The SSL certificate issued by Google Trust Services adds a veneer of authenticity, while the pages.dev subdomain implies rapid deployment typical of bulk phishing campaigns. Intelligence shows only two vendors currently detect the threat, reinforcing the need for real-time user verification rather than relying on static blocklists.  If you visited tensorsuitewe-3gk.pages.dev, disconnect your wallet immediately and revoke any unauthorized permissions via your wallet settings. Do not reconnect to unknown sites, especially those prompting wallet connections. Run a full antivirus scan and consider rotating wallet keys if suspicious transactions appear. Report the domain to PhishDestroy and block 172.66.47.4 at your firewall to prevent further access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.4

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ea7990c8-1dec-46fa-bd74-fb488b0ced2b
- PhishDestroy: https://phishdestroy.io/domain/tensorsuitewe-3gk.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tensorsuitewe-3gk.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tensorsuitewe-3gk.pages.dev/
Last updated: 2026-03-22