# PhishDestroy threat dossier — resourceserver.pages.dev ================================================================ Fetched: 2026-06-30 02:52:02 UTC Canonical: https://phishdestroy.io/domain/resourceserver.pages.dev/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Crypto Drainer ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 5/91 security vendors flagged this domain Flagging vendors: ADMINUSLabs, alphaMountain.ai, Forcepoint ThreatSeeker, Fortinet, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 172.66.44.230 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: Cloudflare, Inc. Registrar: Cloudflare Pages Registered: 2026-06-02 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-08-01 Status: INVALID chain Fingerprint: a750efddaa22f4102c6518a08494c4a8620c3691bba12da941ec0e8798ddfe1d ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-06-02 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-02 13:30:09 UTC (by PhishDestroy tracker) First reported: 2026-06-15 00:27:29 UTC (abuse notice filed) Last verified: 2026-06-30 04:20:35 UTC Current status: ACTIVE / observable ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-18 16:41:19 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies resourceserver.pages.dev as a high-risk crypto drainer, a type of generic phishing designed to steal cryptocurrency wallet credentials and drain funds. This domain is currently active and appears on at least one security blocklist, signaling a credible threat to users who may encounter it through deceptive emails or social media links. The domain was registered on June 2, 2026, through Cloudflare Pages, a service often abused by malicious actors for its ease of setup and CDN capabilities. VirusTotal analysis shows that 5 out of 95 security vendors flag this domain as malicious, a significant detection rate that underscores its dangerous nature. The domain's IP address is associated with Cloudflare's infrastructure, and its trust score is critically low based on aggregated threat intelligence. These technical indicators, combined with its recent creation date and active status, paint a clear picture of a phishing campaign targeting cryptocurrency users. To protect against this crypto drainer threat, users should never enter private keys or seed phrases on any website, especially those linked from unsolicited messages. Always verify the URL carefully—legitimate crypto platforms use official domains, not free subdomains like this one. Use a hardware wallet and enable two-factor authentication. If you have already interacted with this domain, immediately transfer funds to a new wallet and run a security scan on your device. Report the domain to PhishDestroy and relevant authorities to help takedown efforts. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: b8a0bf372c762e966cc99ede8682bc71 TLS cert SHA-256: a750efddaa22f4102c6518a08494c4a8620c3691bba12da941ec0e8798ddfe1d ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/resourceserver.pages.dev/ JSON API: https://api.destroy.tools/v1/check?domain=resourceserver.pages.dev Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 172,677 domains (13,021 alive under monitoring, 159,066 confirmed takedowns/dead). Site: https://phishdestroy.io