# PhishDestroy threat dossier — triaslab-one.pages.dev
================================================================
Fetched: 2026-07-03 06:21:08 UTC
Canonical: https://phishdestroy.io/domain/triaslab-one.pages.dev/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 0/91 security vendors flagged this domain
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 172.66.47.119 (CA, Toronto)
ASN: AS13335 Cloudflare, Inc.
Hosting org: Cloudflare, Inc.
Registrar: Cloudflare, Inc.
Nameservers: nancy.ns.cloudflare.com, remy.ns.cloudflare.com
Page title: Migrate | Link the world with trust
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Google Trust Services / WE1
Expires: 2026-08-22
Status: INVALID chain
Fingerprint: b16d9ece6a2ce3f8da26550169cffc3bf01fee09541fcded1ffb67d0dff35a45

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
First detected: 2026-06-30 19:51:25 UTC (by PhishDestroy tracker)
Last verified: 2026-07-03 08:20:35 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019f19a6-d4ee-767f-827f-4e8fe3c6c420/
Wayback Machine: https://web.archive.org/web/*/triaslab-one.pages.dev
crt.sh CT logs: https://crt.sh/?q=%25.triaslab-one.pages.dev
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=triaslab-one.pages.dev
AlienVault OTX: https://otx.alienvault.com/indicator/domain/triaslab-one.pages.dev
URLhaus: https://urlhaus.abuse.ch/host/triaslab-one.pages.dev/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-30 19:55:54 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

The domain triaslab-one.pages.dev has been identified as a generic phishing threat. It poses risks by attempting to deceive users via its page title 'Migrate | Link the world with trust'. The infrastructure does not directly link to any recognized brands, suggesting an attempt to establish credibility through misleading means.

Technical indicators reveal that VirusTotal has a detection score of 0/95, indicating that the domain has not been flagged yet by security vendors. The domain is registered through Cloudflare, Inc. and resolves to the IP address 172.66.47.119. There are currently no entries on blocklists, and the Google Trust Services SSL certificate suggests a level of legitimacy that could mislead potential victims. The exact creation date of the domain is unknown at this time, but its current status is flagged as active, and it is under investigation for the risks it poses.

As of now, the domain is active and presents a threat as it remains under investigation. Response actions may include monitoring traffic associated with this domain as well as alerting users to potentially deceptive communications. The lack of VirusTotal detections raises concerns for the integrity of user data and potential financial loss. Users are advised to proceed with caution when dealing with communications that reference this domain.

## EVIDENCE HASHES
----------------------------------------------------------------
Favicon MD5: b8a0bf372c762e966cc99ede8682bc71
TLS cert SHA-256: b16d9ece6a2ce3f8da26550169cffc3bf01fee09541fcded1ffb67d0dff35a45

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (operator takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/triaslab-one.pages.dev/
JSON API: https://api.destroy.tools/v1/check?domain=triaslab-one.pages.dev
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: independent open-source threat-intelligence platform.
Tracked: 174,154 domains (13,613 alive under monitoring, 159,748 confirmed takedowns/dead).
Site: https://phishdestroy.io