TLD Threat Intelligence

Flagged .dev Domains

384 domains using the .dev extension have been flagged by threat-intelligence feeds. The .dev extension is not specifically high-risk, but it is still used by scammers. The TLD alone does not determine whether a specific domain is safe.

384
Flagged Domains
32
Avg Risk Score
Jul 5
Last Flagged

Flagged .dev Domains

60 shown
DomainLast Seen
moz-extension-getstarted-coinbase-extension.pages.dev Jul 5 verification-record-hub.pages.dev Jul 5 berzani-gld-larmora-a1x6hc84.pages.dev Jul 5 morlavo-gld-lentami-c4t7pf86.pages.dev Jul 5 p7o-yb7jq-74o-n1qaw-17d7.pages.dev Jul 5 berzora-gld-larqumi-c4t3fp92.pages.dev Jul 5 draveta-gld-felmora-r6t8hp75.pages.dev Jul 5 xelquni-gld-zentora-c3x5dk13.pages.dev Jul 5 pancakeswapfinances.pages.dev Jul 5 pwn1i-7mx-e83-7be-za3yks.pages.dev Jul 5 qurnela-gld-zelmora-a6t2dk87.pages.dev Jul 5 cnivok-krelna-mk3006tgb-bjbyh-2ch378.pages.dev Jul 5 real-bridge.pages.dev Jul 4 norzani-gld-zentela-p7t3fq97.pages.dev Jul 4 bermora-gld-zentari-c8t4fq95.pages.dev Jul 4 norzeta-gld-lentari-p7t2fq84.pages.dev Jul 4 vormora-gld-fentela-c8x3qk96.pages.dev Jul 4 telquma-gld-varmela-a5t3hc14.pages.dev Jul 4 slonex-fursa-a7c109-wplm-monvek.pages.dev Jul 4 xnivok-trelna-2ed83f-vjbyh-6cb712.pages.dev Jul 4 esgvok-wlnar-2tygr3e-gjbyh-5vw62.pages.dev Jul 4 jlonex-fursa-a7c109-wplm-vhrr.pages.dev Jul 4 vrivok-nlnar-3kp04e-xjygh-6mn783.pages.dev Jul 4 xlavor-bintel-3b82fc-mrkt-grendal.pages.dev Jul 4 sp0ct0-dorvex-biz-prumra-zifvu.pages.dev Jul 4 sp0ct0-irvexa-biz-kolvra-judqo.pages.dev Jul 4 sp0ct0-balvok-biz-krosna-femdu.pages.dev Jul 4 sp0ct0-jelnok-biz-tramka-moldu.pages.dev Jul 4 sp0ct0-curnaq-biz-trivko-jasqi.pages.dev Jul 4 xelvani-gld-zormela-r4x6hz81.pages.dev Jul 4 bervani-gld-zarqumi-r2x6hz83.pages.dev Jul 4 pub-b81078cffc6d471e9d2d977de133536e.r2.dev Jul 4 h82pl5-7ln-thoq-qq2-79bn.pages.dev Jul 3 9598ed23-53c9-4add-900f-e97e1a4313a6-00-8au1j2nnf8uy.riker.replit.dev Jul 3 ulonex-fursa-a7c109-wplm-vhrr.pages.dev Jul 3 dravemi-gld-lentami-p4x9hp12.pages.dev Jul 3 rlavor-bintel-db3006bnh-mrkt-grendal.pages.dev Jul 3 sp0ct0-zorval-biz-talpra-mesqi.pages.dev Jul 3 vormita-gld-lensora-p8t4dk63.pages.dev Jul 2 gnivok-orelna-zc3006tgb-fjbyh-6gl712.pages.dev Jul 2 norquma-gld-belmora-r5x1fc26.pages.dev Jul 2 dravemi-gld-lentora-r8t9hp55.pages.dev Jul 2 morlavo-gld-belquni-r1x2dk84.pages.dev Jul 2 sp0ct0-irnexa-biz-plavik-zomdu.pages.dev Jul 2 sp0ct0-karnex-biz-volpra-jedmu.pages.dev Jul 2 sp0ct0-jorqal-biz-menfro-tusvi.pages.dev Jul 2 v9hnez-mfwj4-h9yn-vhe0-17xr.pages.dev Jul 2 krenox-filda-pl3006ijn-shrr-hfbb.pages.dev Jul 2 telnavi-gld-zarqumi-a8t5fq42.pages.dev Jul 2 dravelo-gld-ventari-r2t7qp34.pages.dev Jul 2 qwqrt-aswer-qafdd.fashmorn.workers.dev Jul 1 portal-web-aorr.davidemiddleton55.workers.dev Jun 24 business-badge-vip14563435vsxf.pages.dev Jun 24 gaihiho.pages.dev Jun 24 yasernew.yaser-nateghi1.workers.dev Jun 23 3cud-je09-uln1.accounting-coralridgetowerssouth-com-s-account.workers.dev Jun 23 blue-paper-f69f.acrypters.workers.dev Jun 23 tight-butterfly-24b3.dcctavjjrwonaqe.workers.dev Jun 22 lomfi-lotra-biz-rentra-dokli-sp19ct3bur.pages.dev Jun 22 steam-totp.pages.dev Jun 20

Frequently Asked Questions

Are all .dev websites scams?

No. The .dev extension is not specifically high-risk, but it is still used by scammers. The TLD alone does not determine whether a specific domain is safe. Many legitimate sites use .dev. This page lists only the specific .dev domains flagged by threat-intelligence feeds — not the extension as a whole.

Why do scammers use .dev domains?

Scammers favour cheap, fast-to-register extensions with slower abuse enforcement, because they expect the domain to be taken down within days. Registration cost and enforcement speed — not the extension's purpose — drive the choice.

How do I check if a specific .dev site is safe?

Look it up here or on Google Safe Browsing and VirusTotal, and check its registration date with a WHOIS lookup. Very new domains imitating an established brand are a strong warning sign.

🔐Security Partner

Stop the next phishing attack before you click.

NordPass autofill only triggers on real domains. Fake login pages cannot trick it into entering your credentials.

Try NordPass →