# ri-bankruptcy-na-777.pages.dev — SUSPICIOUS

> ri-bankruptcy-na-777.pages.dev poses as a bankruptcy notice to steal banking data. Resolves to 172.66.47.133 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies ri-bankruptcy-na-777.pages.dev as a bankruptcy-themed phishing domain currently under investigation for targeting financial credentials. This Cloudflare Pages-hosted site mimics legitimate bankruptcy notices, likely to deceive users into entering sensitive banking information. No specific drainer kit or branded spoof (e.g., PayPal, Wells Fargo) has been confirmed yet, but the domain’s structure suggests a generic but high-risk phishing template. The infrastructure leverages legitimate services (Cloudflare, Let’s Encrypt) to appear credible at first glance, though the payload remains unverified pending deeper analysis.


Technical indicators for ri-bankruptcy-na-777.pages.dev include a VirusTotal detection score of 0/95 (as of seed 09530c), indicating no antivirus engines have flagged it despite active warnings. The domain resolves to IP 172.66.47.133 via Cloudflare, Inc., with a Let’s Encrypt SSL certificate providing a false sense of security. Registered through Cloudflare’s Pages service, the domain’s creation date and exact hosting details are obscured by Cloudflare’s anonymization layers. Google Safe Browsing (GSB) status is unconfirmed, and public blocklists show no prior entries, suggesting this may be a newly deployed threat.


Current status: The domain remains active and under investigation, with no confirmed takedowns or blocklist additions as of this assessment. PhishDestroy flags it as a high-risk phishing vector due to its plausible pretext (bankruptcy notices) and reliance on trusted infrastructure to evade detection. Immediate actions for users include avoiding all interactions with the domain, reporting it to browser vendors or GSB, and verifying financial alerts through official channels. Remaining risk is moderate-high, contingent on whether the phishing page activates a drainer kit or expands to other lures. Users should exercise caution with unsolicited bankruptcy-related communications, especially those redirecting to *.pages.dev domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.133

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/87e7558e-8702-438c-b6bc-6614e7194c16
- PhishDestroy: https://phishdestroy.io/domain/ri-bankruptcy-na-777.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ri-bankruptcy-na-777.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ri-bankruptcy-na-777.pages.dev/
Last updated: 2026-03-23