# astra-run.pages.dev — MALICIOUS

> Discover if astra-run.pages.dev is safe or a phishing threat. Learn about its risks and current status to protect your online security.

## Summary
PhishDestroy identifies astra-run.pages.dev as a high-risk generic phishing domain actively targeting unsuspecting users. This domain is designed to deceive visitors by mimicking legitimate services to steal sensitive information such as login credentials or financial data. Due to its high threat level, users are strongly advised to avoid interacting with this site.

The domain astra-run.pages.dev was registered on February 21, 2026, through Cloudflare, Inc., a common registrar used by threat actors to mask identity and infrastructure. It is currently hosted on Cloudflare's pages.dev platform, which allows attackers to exploit trusted hosting to increase credibility. The domain appears on multiple security blocklists and has been flagged by 16 out of 95 security vendors in VirusTotal scans, indicating widespread detection across various threat intelligence sources.

As of now, astra-run.pages.dev remains active and continues to pose a significant threat. PhishDestroy recommends that users and organizations block access to this domain immediately. Security teams should update filtering and monitoring systems to detect and prevent connections to this domain. Users encountering suspicious prompts from this site should refrain from submitting any personal information and report the activity to their cybersecurity team or service provider.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.66
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["hasslo.ns.cloudflare.com", "macy.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "Bfore.Ai PreCrime", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7635-d200-7308-b68d-1ed796eda981.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f9941dd9-9c66-4ca5-8e98-aab70163eb88
- PhishDestroy: https://phishdestroy.io/domain/astra-run.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/astra-run.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/astra-run.pages.dev/
Last updated: 2026-03-19