# ragesol.lol — SUSPICIOUS

> ragesol.lol identified as a live credential harvesting domain. VirusTotal 0/95 detections. Full indicators and IOCs available. Check the full report.

## Summary
ragesol.lol has been flagged by PhishDestroy as a potential credential harvesting domain engaged in a low-volume but active campaign. Initial telemetry indicates this domain is currently resolving to 172.67.174.207 and was registered through Namecheap Inc. on March 30, 2026, suggesting a very recent deployment. While the domain remains undetected across 95 VirusTotal engines, its active status and fresh certificate issuance via Let's Encrypt warrant immediate scrutiny, particularly given the absence of prior blocklist coverage. Users are advised to avoid interaction until further IOCs and behavioral patterns are established.  This domain poses a targeted risk due to its likely use in phishing lures designed to harvest user credentials or deliver malware under the guise of legitimate services. The lack of detection—0 detections against 95 engines on VirusTotal—combined with the use of a legitimate registrar and SSL certificate, indicates an attempt to evade early-stage detection mechanisms. The domain’s recent creation date (March 30, 2026) and resolution to a Cloudflare IP (172.67.174.207) further support the hypothesis of a short-lived, high-impact campaign aimed at bypassing static defenses. Given the absence of historical blocklist data, organizations should treat this domain as a potential zero-day threat until additional telemetry is collected.  If users have already accessed ragesol.lol, they should immediately reset any credentials entered on the site, scan local devices for malware using updated antivirus tools, and monitor accounts for unusual activity. Enterprises are urged to block the domain at the network perimeter and update proxy/firewall rules to deny access. Security teams should also hunt for related domains registered around the same time or resolving to the same IP, as these may indicate an expanded campaign. Further analysis is ongoing, and IOCs will be shared via threat intelligence platforms as they become available. Vigilance and rapid response are critical to mitigating potential fallout from this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 18:35:59
- Registrar: NAMECHEAP INC
- IP: 172.67.174.207

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/27b6994a-5bb3-4d75-b901-d5801f74a312
- PhishDestroy: https://phishdestroy.io/domain/ragesol.lol/
- LLM endpoint: https://phishdestroy.io/domain/ragesol.lol/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ragesol.lol/
Last updated: 2026-03-31