# rocketpool-onchain.pages.dev — SUSPICIOUS > PhishDestroy flags rocketpool-onchain.pages.dev as a crypto drainer impersonating Rocket Pool. SSL issued by Google Trust Services (172.66.45.22). ## Summary PhishDestroy identifies the domain rocketpool-onchain.pages.dev as an active brand-impersonation campaign targeting users of Rocket Pool, an Ethereum staking protocol. The page masquerades as Rocket Pool's official site, likely to trick visitors into connecting crypto wallets or entering seed phrases. Technical artifacts suggest a crypto-drainer kit may be hosted, but analysis remains ongoing to confirm exact payload behavior. The campaign exploits the trust associated with Rocket Pool to maximize victim engagement and illicit fund transfers. Technical indicators for rocketpool-onchain.pages.dev reveal a lightweight footprint with limited detection thus far. VirusTotal shows 0 detections out of 95 scanners. The domain is registered through Cloudflare, Inc., resolving to IP 172.66.45.22 via an SSL certificate issued by Google Trust Services. The domain is hosted on Cloudflare Pages and was created recently; metadata suggests it surfaced within the last 30 days. Google Safe Browsing (GSB) has not yet flagged this domain, and it remains absent from all major public blocklists, underscoring the importance of proactive detection. This domain is currently classified as 'active' with a risk level of 'under_investigation' by the SOC. While initial analysis suggests impersonation rather than a fully weaponized drainer, the absence of detections and GSB coverage elevates risk. PhishDestroy recommends immediate domain blocking and user caution. The team continues behavioral sandboxing to extract payloads and update detection rules. Remaining risk is assessed as moderate given the active status and potential for rapid evolution into a fully operational drainer campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Rocket Pool ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.22 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ce0184ca-0807-4c07-ad32-624278334ca3 - PhishDestroy: https://phishdestroy.io/domain/rocketpool-onchain.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/rocketpool-onchain.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rocketpool-onchain.pages.dev/ Last updated: 2026-03-22