# edge-rabbitx-desk.pages.dev — SUSPICIOUS

> edge-rabbitx-desk.pages.dev: active crypto drainer impersonating a major brand. Flagged by 0/95 VirusTotal vendors. Block immediately.

## Summary

PhishDestroy identifies active malicious infrastructure hosted at edge-rabbitx-desk.pages.dev linked to a crypto drainer campaign currently under investigation by the SOC team. This domain is leveraging Cloudflare Pages to deliver a convincing fake interface designed to siphon cryptocurrency wallet credentials and drain digital assets. The campaign remains active with no current detections on VirusTotal, indicating potential evasion of signature-based defenses. The domain was registered recently and is hosted behind Cloudflare’s proxy network, complicating direct takedown and forensic analysis.

Technical indicators confirm this domain resolves to 172.66.44.168 and utilizes a Google Trust Services SSL certificate to increase legitimacy. As of the latest scan, no VirusTotal vendor has flagged this domain (0/95 detections), and it remains unlisted on major threat intelligence blocklists. The domain was registered through Cloudflare, Inc., which often obscures true ownership and hosting details. Although trust scores from external services are currently unavailable, the lack of detections suggests this threat may be in its early operational phase or using novel evasion techniques. The domain is flagged as active and under investigation with a medium risk rating pending deeper behavioral analysis.

Due to the potential for immediate financial loss through cryptocurrency theft, immediate blocking of edge-rabbitx-desk.pages.dev at the network perimeter is strongly advised. Additionally, monitor DNS logs for resolution to 172.66.44.168 and inspect outbound SSL/TLS connections toward domains using Google Trust Services certificates with recent registration dates.

Users should be alerted to avoid any interactions involving wallet connections or transaction signing prompts originating from this domain or its associated infrastructure. A threat hunt should be initiated across endpoints for artifacts related to crypto wallet extensions or clipboard hijackers that may indicate prior compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.168

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2159b1e9-12f9-46bf-8adb-5a9bc3bfee0d
- PhishDestroy: https://phishdestroy.io/domain/edge-rabbitx-desk.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/edge-rabbitx-desk.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/edge-rabbitx-desk.pages.dev/

Last updated: 2026-04-12