# restoreweb.pages.dev — SUSPICIOUS

> restoreweb.pages.dev is a crypto drainer impersonating a web restoration tool. Flagged by 1 of 95 VirusTotal vendors. Verify safety on PhishDestroy.

## Summary

PhishDestroy identifies restoreweb.pages.dev as an active generic phishing domain impersonating a web restoration service, posing an elevated risk to unsuspecting users. This domain employs deceptive tactics to trick visitors into divulging sensitive information or downloading malicious payloads under the guise of legitimate web repair utilities. Current telemetry confirms the threat remains active, with no indication of takedown or remediation.

This domain, registered through Cloudflare, Inc., resolves to IP address 172.66.44.147 and operates under a Google Trust Services SSL certificate, which may lend an air of legitimacy to casual observers. Threat intelligence sources reveal that 1 out of 95 VirusTotal security vendors has flagged this domain as malicious, indicating limited but present detection coverage. The domain's infrastructure leverages Cloudflare's Pages.dev platform, a legitimate service often abused by threat actors for hosting phishing lures and fraudulent landing pages. While the SSL certificate appears valid, its presence should not be interpreted as a seal of safety, as malicious actors frequently exploit trusted certificate authorities to enhance credibility.

Given the active status of this threat and its potential to deceive users seeking web restoration services, PhishDestroy recommends immediate defensive actions. Organizations and individuals should block traffic to and from restoreweb.pages.dev at the network perimeter using DNS sinkholing or firewall rules. Users who may have interacted with this domain should conduct a full security audit of their systems, including scanning for unauthorized cryptocurrency wallet access or credential harvesting malware. Additionally, this domain and its associated infrastructure should be reported to Cloudflare's abuse channels for further investigation and potential takedown. Continuous monitoring of this domain for new indicators of compromise is strongly advised to prevent further exploitation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.147

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3e4bc5cb-bcc2-450c-9522-b9d0d3450ae3
- PhishDestroy: https://phishdestroy.io/domain/restoreweb.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/restoreweb.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/restoreweb.pages.dev/

Last updated: 2026-03-24