# runtime.rest — SUSPICIOUS

> runtime.rest is under investigation for potential phishing. Exercise caution and avoid sharing sensitive data on this domain.

## Summary
PhishDestroy identifies runtime.rest as a suspicious domain potentially involved in generic phishing activities. Registered recently on February 23, 2026, the domain classification remains under investigation due to concerning usage patterns. The domain’s early age and registrar choice add to the caution required by users and security professionals.

Technically, runtime.rest resolves to IP address 188.114.96.3 and is registered through Global Domain Group LLC. Despite no current detections from VirusTotal or security vendors—0 out of 95 engines flagged it—the domain's infrastructure and setup raise red flags warranting further scrutiny. No confirmed malicious payloads have been reported yet, but ongoing monitoring is advised.

The domain remains active with no immediate takedown or blocking actions applied. PhishDestroy recommends that users avoid interacting with runtime.rest until more definitive intelligence confirms its safety or maliciousness. Organizations should consider this domain suspicious and implement necessary monitoring for phishing attempts linked to it.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-03-03 19:07:02
- Registrar: Global Domain Group LLC
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["anirban.ns.cloudflare.com", "marjory.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/Gf7DmhQV/303d63a0117f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d0381715-5c23-421b-9d87-d4e454c4178d
- Wayback Machine: https://web.archive.org/web/https://runtime.rest
- PhishDestroy: https://phishdestroy.io/domain/runtime.rest/
- LLM endpoint: https://phishdestroy.io/domain/runtime.rest/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/runtime.rest/
Last updated: 2026-03-19