# z3x-withdraw.pages.dev — SUSPICIOUS

> PhishDestroy identifies z3x-withdraw.pages.dev hosting a fake cryptocurrency withdrawal scam, detected with 0/95 VirusTotal scores. Check the full report.

## Summary
PhishDestroy identifies an active phishing campaign leveraging z3x-withdraw.pages.dev to impersonate a cryptocurrency withdrawal portal. This domain mimics legitimate withdrawal interfaces to deceive users into submitting private wallet keys or credentials, granting threat actors access to funds. The infrastructure relies on Google Trust Services for SSL certificates and resolves to IP 172.66.44.138, hosted by Cloudflare, Inc. as part of their Pages.dev platform.

This domain exhibits minimal detection with 0/95 VirusTotal detections, reflecting evasion tactics such as short-lived infrastructure or reliance on reputable hosting services. Registered through Cloudflare, Inc., the domain exploits Pages.dev’s dynamic DNS and free hosting to rapidly deploy and abandon campaigns, complicating takedown efforts. While the exact creation date remains unverified, the absence of blocklist entries suggests recent activation aligned with ongoing threat activity.

Users who interacted with this domain should immediately revoke any compromised credentials, transfer remaining assets to a new wallet, and scan devices for malware. Disable autofill features in browsers and enable two-factor authentication on all crypto accounts. Report fraudulent transactions to the relevant blockchain explorer and platform support teams using evidence such as transaction hashes or wallet addresses. Avoid clicking unknown links and verify URLs via official channels before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.138

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6725bc9b-9367-4a10-8d56-b0c62de602cc
- PhishDestroy: https://phishdestroy.io/domain/z3x-withdraw.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/z3x-withdraw.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/z3x-withdraw.pages.dev/
Last updated: 2026-03-24