mint-ator.pages[.]dev
Category: Malicious
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of mint-ator.pages[.]dev
The domain mint-ator.pages[.]dev appears to be a web page related to the ATOR project, presenting itself as a cryptocurrency or blockchain minting interface. The page title, branding, and screenshot indicate a themed landing page for "Mint Reserve Receive," with messaging aimed at RELAY NFT holders and a prominent wallet-connection prompt. It also links out to ator.io, project documentation, and a project-related Medium profile, which suggests it may be intended to support an ATOR ecosystem campaign or token/NFT workflow.
Based on the visible content, this is not a general corporate homepage but a focused campaign or transaction page hosted on a pages.dev subdomain. The wording about exchanging an NFT, providing 250 ATOR, and minting a new multiplier NFT suggests a crypto asset interaction flow rather than an informational site. Because it is hosted on a subdomain rather than the apparent primary brand domain, visitors may want to verify whether it is officially operated by the ATOR project before connecting a wallet or approving any blockchain transaction.
Safety Assessment for mint-ator.pages[.]dev
Scan results show mixed signals at the time of this scan. The domain was flagged by 6 out of 92 security engines, with several classifying it as phishing or malicious, while the malware file scan did not identify any flagged files and multiple blacklist databases were clean. This kind of split result can occur with newly reported phishing pages, cloned campaign pages, or wallet-connection lures that do not rely on traditional malware files.
The page content itself raises additional caution indicators. It appears to imitate or closely align with ATOR branding while being hosted on mint-ator.pages[.]dev rather than the main ator.io domain, and it prominently encourages users to connect a wallet in connection with an NFT/token action. In cryptocurrency contexts, pages like this may be used for credential harvesting, wallet approval abuse, or misleading token/NFT claims even when no downloadable malware is present.
Given the multi-engine phishing detections, the low trust score, and the wallet-connection prompt on a secondary hosting domain, this website may pose potential risks to visitors at the time of this scan. Based on these findings, users should independently verify the page through the project's primary domain or official channels before interacting with it.
Technical Description
The site is hosted behind Cloudflare infrastructure on IP address 172.66.44.79, with a valid TLS certificate issued by Google Trust Services and an expiry in 2026. The domain uses Cloudflare nameservers and appears to be served through the cloudflare web server stack. DNSSEC is unsigned, which is common but means DNS responses do not benefit from DNSSEC validation.
From a technical scanning perspective, no malicious files, flagged external links, or iframe issues were identified in the provided crawl, and blacklist databases were clean at the time of this scan. However, the use of a pages.dev subdomain for a crypto wallet interaction page, combined with phishing detections from multiple security engines, is a notable concern even without file-based malware indicators.
Share your experience with this website. Was it safe? Did you encounter any issues?