# blocks-resolved.pages.dev — SUSPICIOUS

> blocks-resolved.pages.dev mimics a domain blocklist to trick users into entering credentials. Threat verified with 2/95 VirusTotal flags and Cloudflare hosting.

## Summary
PhishDestroy identifies blocks-resolved.pages.dev as an active phishing site posing as a domain blocklist service with the sole purpose of harvesting login credentials. The page presents a convincing interface that appears to analyse domains, but instead captures any input entered into its form fields, sending stolen data to remote attackers. Users who enter their email or password risk account takeovers and potential follow-on attacks like credential stuffing across other services.


This domain was flagged by 2 out of 95 VirusTotal security vendors within hours of its first appearance on the internet. Amazon CloudFront and Google Trust Services certificates mask the site’s true hosting location at IP address 172.66.44.92, a Cloudflare spectrum endpoint commonly abused for short-lived phishing campaigns. The domain resolves through Cloudflare, Inc. as registrar and hosting provider, leveraging legitimate infrastructure to evade traditional network-level blocks. Despite its polished presentation, the site lacks any legitimate blocklist functionality and should be treated as hostile.


Anyone who visited blocks-resolved.pages.dev should immediately change any passwords entered on the site and enable multi-factor authentication on all related accounts. If the same credentials were reused elsewhere, update those accounts immediately. Clear browser cache and cookies for the domain, then run a reputable antivirus or anti-malware scan to detect any persistent threats. Report the domain to your organisation’s security team or to PhishDestroy to help block it for others. Avoid re-entering sensitive data on any page hosted at this domain or its related IP space.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.92

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d9de9fac-6562-4986-b423-d291c9046f20
- PhishDestroy: https://phishdestroy.io/domain/blocks-resolved.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/blocks-resolved.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/blocks-resolved.pages.dev/
Last updated: 2026-03-22