# PhishDestroy threat dossier — briototo-exploramexicotours.pages.dev ================================================================ Fetched: 2026-05-04 14:18:26 UTC Canonical: https://phishdestroy.io/domain/briototo-exploramexicotours.pages.dev/ ## VERDICT ---------------------------------------------------------------- HIGH THREAT — malicious activity confirmed Composite threat score: 70/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/91 security vendors flagged this domain ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.96.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: Cloudflare, Inc. Nameservers: garrett.ns.cloudflare.com, iris.ns.cloudflare.com Registered: 2026-04-27 Page title: BRIOTOTO | Game Online Terpercaya Dengan Fitur Menarik Dan Banyak Keuntungannya. HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / E8 Expires: 2026-07-25 Status: INVALID chain Fingerprint: b2982796e79a28b4aad5d8a38b11ebc6ae6c50fe7bb1d2273c937effe1432881 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-27 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-27 18:53:00 UTC (by PhishDestroy tracker) Last verified: 2026-04-29 19:40:23 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019dcfa3-a6a6-7527-8096-f5150a5559f6/ Wayback Machine: https://web.archive.org/web/*/briototo-exploramexicotours.pages.dev crt.sh CT logs: https://crt.sh/?q=%25.briototo-exploramexicotours.pages.dev Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=briototo-exploramexicotours.pages.dev AlienVault OTX: https://otx.alienvault.com/indicator/domain/briototo-exploramexicotours.pages.dev URLhaus: https://urlhaus.abuse.ch/host/briototo-exploramexicotours.pages.dev/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-27 18:53:33 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies briototo-exploramexicotours.pages.dev as an active crypto drainer impersonating Mexico Tours. This page is under investigation but remains accessible, posing immediate risk to visitors. Domains like this often trick users into connecting crypto wallets under false pretenses, such as fake tour promotions or giveaways, to drain funds directly. This domain was flagged with a risk level of under_investigation but is actively distributing malicious content. It resolves to IP address 188.114.96.3 via Cloudflare, Inc., using a Let's Encrypt SSL certificate for added deception. As of the latest scan, it shows 0 detections out of 95 on VirusTotal, indicating it is not yet widely blacklisted. The domain is hosted on Cloudflare Pages, a legitimate platform that has been abused by threat actors to host phishing and malware campaigns quickly. To mitigate risk, users should avoid interacting with this site entirely. Do not click any links, connect wallets, or input personal or payment details. If you’ve already connected a wallet or entered information, revoke permissions immediately via your wallet provider and run a security scan on your device. Always verify URLs and use tools like PhishDestroy to validate domains before engaging. Report this domain to your security provider or PhishDestroy to help block further distribution. ## EVIDENCE HASHES ---------------------------------------------------------------- TLS cert SHA-256: b2982796e79a28b4aad5d8a38b11ebc6ae6c50fe7bb1d2273c937effe1432881 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/briototo-exploramexicotours.pages.dev/ JSON API: https://api.destroy.tools/v1/check?domain=briototo-exploramexicotours.pages.dev Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 145,584 domains (56,151 alive under monitoring, 89,173 confirmed takedowns/dead). Site: https://phishdestroy.io