# tlfwebsite.pages.dev — SUSPICIOUS > tlfwebsite.pages.dev is a cryptocurrency drainer phishing domain with 0/95 VirusTotal detections. Block it now to prevent asset theft and credential loss. ## Summary PhishDestroy identifies an active cryptocurrency drainer phishing campaign targeting users via the domain tlfwebsite.pages.dev. This fraudulent site mimics legitimate services to trick victims into connecting cryptocurrency wallets, thereby draining digital assets without user consent. The threat is classified as a 'crypto drainer' due to its primary function of unauthorized fund extraction rather than mere credential harvesting. This domain was flagged during routine threat intelligence monitoring and shows alarming technical indicators. VirusTotal currently lists 0/95 positive detections, indicating low antivirus coverage as of the latest scan. The domain is registered through Cloudflare, Inc., leveraging Google Trust Services SSL certificates to appear legitimate. The IP resolution points to 172.66.47.41, a server known for hosting malicious infrastructure. While the exact creation date is not publicly disclosed, the domain remains active and is being actively investigated for further malicious activities. Users who accessed tlfwebsite.pages.dev should immediately disconnect their cryptocurrency wallets from any connected sites and revoke any permissions granted. Scan devices for malware using reputable antivirus software and review wallet transaction histories for unauthorized transfers. Report this domain to your wallet provider and relevant cybersecurity authorities. Avoid interacting with this domain and any links or attachments associated with it to prevent further compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.41 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e4f31f53-3611-4589-a8cb-85baff82794c - PhishDestroy: https://phishdestroy.io/domain/tlfwebsite.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/tlfwebsite.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tlfwebsite.pages.dev/ Last updated: 2026-03-29