# druen-node.pages.dev — MALICIOUS

> Explore the phishing threat linked to druen-node.pages.dev, flagged and offline. Learn about its risks and technical details on PhishDestroy.

## Summary

PhishDestroy identifies druen-node.pages.dev as a high-risk generic phishing domain that was actively engaged in deceptive activities. The domain’s recent creation date, February 21, 2026, and its appearance on multiple security blocklists signal aggressive and likely fraudulent intent. VirusTotal analysis further corroborates its malicious nature, with 13 out of 95 security vendors flagging it as suspicious, emphasizing the threat posed to users attempting to access this site.

From a technical standpoint, druen-node.pages.dev resolved to the IP address 172.66.47.122 and was registered through Cloudflare, Inc., a common registrar often exploited for phishing infrastructure due to its ease of setup and content delivery network features. The page title detected, “Suspected phishing site | Cloudflare,” suggests that Cloudflare’s security mechanisms may have intervened to alert users or administrators. The domain’s presence on two separate security blocklists reflects its recognition by multiple threat intelligence sources as a source of phishing attacks.

Currently, druen-node.pages.dev is offline, indicating that remedial actions have been taken to disrupt this phishing campaign. PhishDestroy recommends users continue to exercise caution when encountering similar Cloudflare-hosted domains with recent creation dates and flagged reputations. Security teams should maintain vigilance by monitoring blocklists and intelligence feeds for re-emergence under alternate subdomains or related infrastructure to prevent further exploitation.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.122
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["braden.ns.cloudflare.com", "shaz.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 13 vendors flagged
  - Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "PhishingDB"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019bd7bc-b55d-735d-a418-1793fa131b29.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4d73ffb1-70f1-41e7-9321-a04913ebf301
- PhishDestroy: https://phishdestroy.io/domain/druen-node.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/druen-node.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/druen-node.pages.dev/

Last updated: 2026-03-19