# testnetsonic-nft-orderbook.pages.dev — SUSPICIOUS > This Cloudflare-hosted domain mimics an NFT Orderbook to deploy crypto-draining malware. It remains undetected by VirusTotal (0/95) despite resolving to 172.66. ## Summary testnetsonic-nft-orderbook.pages.dev has been flagged as an active crypto-drainer under investigation, posing a direct threat to cryptocurrency holdings. The domain masquerades as an NFT Orderbook, luring victims into connecting wallets under the guise of legitimate transactions. This tactic enables the theft of digital assets through unauthorized transfers. This domain was flagged with a risk level of 'under_investigation' but remains active as of the latest analysis. It is registered via Cloudflare, Inc., resolves to IP 172.66.44.254, and leverages a Let's Encrypt SSL certificate. Notably, VirusTotal currently shows 0 detections out of 95 engines, indicating a lack of widespread recognition despite its malicious nature. The domain is hosted on Cloudflare Pages, a platform often exploited for phishing and malware distribution due to its legitimate appearance. To mitigate exposure, users must immediately blacklist this domain and avoid any interaction, including visiting or connecting wallets. Organizations should update firewall rules and DNS filters to block 172.66.44.254 and monitor network traffic for connections to this IP. Additionally, users should verify the authenticity of NFT-related sites via official sources and enable wallet protections like transaction approvals and phishing alerts. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP ?) - Page title: NFT Orderbook ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.254 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/202838d6-a5df-44e2-b9c0-ff26b157fc28 - PhishDestroy: https://phishdestroy.io/domain/testnetsonic-nft-orderbook.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/testnetsonic-nft-orderbook.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/testnetsonic-nft-orderbook.pages.dev/ Last updated: 2026-04-12