# rust.plusofgame.com — SUSPICIOUS

> PhishDestroy identifies rust.plusofgame.com as a credential theft page spoofing Rust. VirusTotal score: 1/95. Block immediately via GSB and network rules.

## Summary

PhishDestroy identifies rust.plusofgame.com as an active credential theft page designed to mimic the Rust programming language portal. The domain presents a faux login interface likely harvesting user credentials for subsequent account takeovers or crypto wallet draining. No evidence of a crypto drainer kit or branded assets was found in the accessible payload; however, the page’s sole purpose is credential exfiltration via a remote endpoint. The page’s visual styling closely mirrors official Rust documentation sites, increasing the risk of successful deception among developers seeking language resources or package mirrors. Threat actors have leveraged this tactic to gain access to developer accounts, Git repositories, and associated cryptocurrency holdings.

This domain was flagged by PhishDestroy with an elevated risk classification. Technical indicators include a VirusTotal detection ratio of 1 out of 95 security vendors at time of analysis, a Let's Encrypt SSL certificate, and resolution to IP 172.67.169.152. The domain was registered through CNOBIN INFORMATION TECHNOLOGY LIMITED on March 28, 2026 — a recent registration indicative of opportunistic abuse. Google Safe Browsing (GSB) status is currently unlisted. Aggregated blocklist intelligence shows minimal coverage, with only one security vendor recognizing the threat. The low VT detection rate suggests a newly emerged threat with limited vendor awareness, raising the risk of successful compromise.

rust.plusofgame.com remains active and poses a credible credential theft risk to Rust developers and organizations. PhishDestroy recommends immediate blacklisting via network and endpoint controls, including GSB enterprise policies and local host file entries. Monitor DNS queries and SSL handshakes to IP 172.67.169.152 for lateral movement. Users should verify all Rust-related downloads and login prompts against official domains (rust-lang.org) and enable multi-factor authentication on developer accounts. Remaining risk is elevated until full vendor coverage is achieved and the domain is universally blocked.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-28 23:07:01
- Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
- IP: 172.67.169.152

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a2c7d0f7-3e5f-485d-829f-a082338f8c59
- PhishDestroy: https://phishdestroy.io/domain/rust.plusofgame.com/
- LLM endpoint: https://phishdestroy.io/domain/rust.plusofgame.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rust.plusofgame.com/

Last updated: 2026-03-31