# PhishDestroy threat dossier — cryptopump.lol ================================================================ Fetched: 2026-07-14 12:16:57 UTC Canonical: https://phishdestroy.io/domain/cryptopump.lol/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/91 security vendors flagged this domain Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.96.3 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: CloudFlare, Inc. Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com Nameservers: aria.ns.cloudflare.com, seth.ns.cloudflare.com Registered: 2026-07-08 Expires: 2027-07-08 Page title: Just a moment... HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-10-06 Status: INVALID chain Fingerprint: 1bc14b0e3662257b3ba3b7a03296b71a04cd50e918a6183fc60484a739c5fe78 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-08 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-08 18:21:19 UTC (by PhishDestroy tracker) Last verified: 2026-07-14 12:20:41 UTC Neutralised: 2026-07-09 00:02:06 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f4287-f21f-76db-b084-65dd8814c182/ URLQuery: https://urlquery.net/report/3d488eed-83ca-4d97-b242-3f154e8da295 Wayback Machine: https://web.archive.org/web/*/cryptopump.lol crt.sh CT logs: https://crt.sh/?q=%25.cryptopump.lol Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=cryptopump.lol AlienVault OTX: https://otx.alienvault.com/indicator/domain/cryptopump.lol URLhaus: https://urlhaus.abuse.ch/host/cryptopump.lol/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-08 18:27:05 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, cryptopump.lol, is confirmed to be a phishing site. Phishing sites are designed to trick users into providing sensitive information such as login credentials, personal data, or financial details, which can then be used for fraudulent activities. These sites often mimic legitimate websites to gain the trust of unsuspecting visitors. Analysis indicates that cryptopump.lol was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on July 08, 2026. Despite the domain's recent creation, it has not yet been flagged by antivirus engines, with a detection count of 0/95 on VirusTotal. The SSL certificate is issued by Google Trust Services, which may give a false sense of security. The domain resolves to the IP address 188.114.96.3, and it remains active as of the latest assessment. If you have visited cryptopump.lol, it is crucial to take immediate action to protect your information. First, check your recent account activity for any unauthorized transactions or logins. Change passwords for any accounts that may have been compromised, and consider enabling two-factor authentication for an added layer of security. Additionally, report the site to your internet service provider and any relevant security organizations to help prevent others from falling victim to this phishing scheme. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: c3da85a3173a4ec9d42682016f6a69e2 TLS cert SHA-256: 1bc14b0e3662257b3ba3b7a03296b71a04cd50e918a6183fc60484a739c5fe78 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/cryptopump.lol/ JSON API: https://api.destroy.tools/v1/check?domain=cryptopump.lol Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,500 domains (50,139 alive under monitoring, 128,361 confirmed takedowns/dead). Site: https://phishdestroy.io