# onchaincert.pages.dev — SUSPICIOUS

> onchaincert.pages.dev is a crypto phishing site mimicking certificates. Flagged by 0/95 VirusTotal, resolves to 172.66.44.71.

## Summary
PhishDestroy identifies onchaincert.pages.dev as a generic phishing domain actively distributing deceptive cryptocurrency certificates under Cloudflare’s Pages.dev infrastructure.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a currently undetected threat. The domain is registered through Cloudflare, Inc., resolves to IP address 172.66.44.71, and is secured with a Google Trust Services SSL certificate. Despite zero detections on VirusTotal, the absence of community or vendor flags does not equate to safety. Historical data shows that such domains often appear benign until malicious activity escalates, particularly in campaigns targeting cryptocurrency users seeking certification credentials.

The domain is currently marked as active with a status of 'under investigation,' reflecting ongoing scrutiny by threat intelligence teams. Given the lack of immediate detection despite Cloudflare’s hosting and Google’s SSL trust chain, users should treat this domain with extreme caution. Concrete recommendations include avoiding any interaction with onchaincert.pages.dev, verifying the legitimacy of certificate providers through official channels, and reporting encounters to threat intelligence platforms. Network administrators are advised to monitor outbound traffic to IP 172.66.44.71 and block associated domains to prevent potential compromise in enterprise environments.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.71

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4ab7385e-a5ee-4eb0-b32c-f50c1131b468
- PhishDestroy: https://phishdestroy.io/domain/onchaincert.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/onchaincert.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/onchaincert.pages.dev/
Last updated: 2026-03-26