# cyrusfinance.pages.dev — MALICIOUS

> cyrusfinance.pages.dev is flagged as a medium-risk phishing site. Avoid sharing sensitive info and verify URLs before interacting.

## Summary
PhishDestroy identifies cyrusfinance.pages.dev as a generic phishing domain currently active and posing a medium risk. It is designed to deceive users by mimicking legitimate finance-related services.

The domain resolves to IP 188.114.96.3 and is registered via Cloudflare, Inc. VirusTotal analysis shows 3 out of 95 security vendors detect malicious activity associated with it. These indicators suggest an ongoing phishing infrastructure leveraging popular hosting to mask intent.

The domain remains active and users are advised to avoid all interaction. Continuous monitoring is recommended to detect any changes in behavior or threat level, while blocking this domain is advised for user protection.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-04 15:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: joan.ns.cloudflare.com wells.ns.cloudflare.com
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/7tmPQNpZ/ed54b2974a95.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b1155494-8556-4565-bc25-e09d04365fe4
- Wayback Machine: https://web.archive.org/web/https://cyrusfinance.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/cyrusfinance.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/cyrusfinance.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cyrusfinance.pages.dev/
Last updated: 2026-03-19