# cremagourmet.pages.dev — SUSPICIOUS > PhishDestroy flags cremagourmet.pages.dev as a credential theft site delivering a crypto drainer. Zero of 95 VirusTotal engines flagged it yet. ## Summary PhishDestroy identifies cremagourmet.pages.dev as an active credential theft domain that attempts to harvest usernames and passwords under the guise of a gourmet site. Visitors risk having their accounts emptied and crypto wallets drained if login details are submitted. The page presents stylized food imagery and false “member login” prompts to trick users into surrendering credentials that attackers immediately abuse on real services and crypto platforms. Treat every prompt on this domain as hostile; assume any entered data is compromised within seconds. This domain was flagged by PhishDestroy on 2024-05-18. It was registered through Cloudflare, Inc. on 2024-05-15 and currently resolves to 172.66.47.196. As of the last VirusTotal check, zero of 95 security engines detected the threat, underscoring how new and stealthy this campaign remains. The domain uses a Google Trust Services SSL certificate to appear legitimate, but the mismatch between Cloudflare registration and the fake gourmet brand reveals the ruse. If you visited cremagourmet.pages.dev, stop using any passwords you may have entered on the site. Immediately change those credentials on every account where you reused them, especially email, crypto exchanges, and financial services. Run a malware scan on your device to check for infostealers. Report the domain to your browser vendor and to PhishDestroy so others can be warned. Forward any suspicious messages tied to this domain to your organization’s security team or to PhishDestroy’s intake channel for further analysis. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.196 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/cremagourmet.pages.dev - PhishDestroy: https://phishdestroy.io/domain/cremagourmet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/cremagourmet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cremagourmet.pages.dev/ Last updated: 2026-04-08