# rocketpool-testing.pages.dev — SUSPICIOUS

> rocketpool-testing.pages.dev mimics Rocket Pool to deploy a crypto drainer. Detected by 0/95 engines on VirusTotal. Verify before clicking via PhishDestroy.

## Summary
PhishDestroy identifies rocketpool-testing.pages.dev as a live brand-impersonation campaign targeting Rocket Pool users. This domain masquerades as an official Rocket Pool testing portal, likely distributing a crypto-asset drainer or credential-stealing tool under the guise of an alpha or beta interface. The payload remains unverified but exhibits classic phishing traits: high-risk social engineering against a well-known DeFi protocol, leveraging urgency or exclusivity to prompt wallet connections or seed-phrase entry. Users who interact risk immediate loss of digital assets or exposure of private keys to adversary-controlled servers.

Domain telemetry confirms Cloudflare Pages hosting, resolving to IP 188.114.96.3, and an active Google Trust Services TLS certificate. VirusTotal currently flags the page with 0/95 detections, indicating evasion of commercial scanners; it has not yet appeared on major blocklists such as OpenPhish, PhishTank, or URLVoid. The domain was registered through Cloudflare, Inc., a legitimate registrar, which complicates takedown timelines due to Cloudflare’s abuse-handling processes. These characteristics—low AV coverage, Cloudflare fronting, and brand mimicry—elevate the threat to active investigation status under our high-risk criteria.

Mitigation hinges on two fronts: prevention and detection. Users should never access Rocket Pool or any crypto service via third-party domains, especially those hosted on Cloudflare Pages with non-official subdomains like “testing.” Always navigate via verified bookmarks or the protocol’s official site (rocketpool.net) and inspect every link for mismatched domains or unexpected TLDs (.pages.dev instead of .net). Blocklist operators and SOC teams can flag the domain by its SHA-256 of the landing page, IP 188.114.96.3, and its Google Trust certificate thumbprint. Report the domain immediately to PhishDestroy for rapid ingestion into detection engines, helping raise the VirusTotal score above 0/95 and push it onto public blocklists within hours.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Rocket Pool

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5c66eb0d-2171-4dd4-ac64-98402a27893c
- PhishDestroy: https://phishdestroy.io/domain/rocketpool-testing.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/rocketpool-testing.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rocketpool-testing.pages.dev/
Last updated: 2026-04-01