# ac-5uh.pages.dev — SUSPICIOUS

> ac-5uh.pages.dev hosts a fake Google login portal targeting credential theft, active phishing campaign detected. VirusTotal score 0/95. Check the full report.

## Summary
PhishDestroy identifies ac-5uh.pages.dev as an active phishing campaign impersonating Google login portals to harvest user credentials. The domain is currently under investigation with a provisional risk classification of high due to its active status and lack of blocklist coverage. This campaign specifically targets Google account holders by mimicking official login interfaces, aiming to deceive users into entering sensitive authentication details on a fraudulent page hosted under a Cloudflare Pages subdomain.

This domain was flagged for hosting a credential harvesting phishing page and exhibits multiple indicators of malicious intent. VirusTotal analysis shows 0 detections out of 95 engines as of latest scan, indicating undetected threat activity. It resolves to IP address 188.114.96.3, registered through Cloudflare, Inc., leveraging Google Trust Services SSL certificates to enhance perceived legitimacy. The SSL certificate issuance suggests an attempt to bypass security warnings in browsers. No evidence of blocklist inclusion has been observed, and the domain remains active as of investigation timestamp with seed f422f7.

Users and organizations should immediately block ac-5uh.pages.dev at network and endpoint levels due to its confirmed phishing activity. Implement browser security policies prohibiting access to non-standard Google login domains and enforce multi-factor authentication to mitigate credential theft impact. Security teams should inspect DNS logs for connections to 188.114.96.3 and scan endpoints for unauthorized data transmission to external domains. Report the domain to Google Safe Browsing and Cloudflare Abuse teams using submission portals. Monitor internal accounts for suspicious login activity from unfamiliar IPs or devices. Educate users to verify URLs before entering credentials, especially those containing unusual subdomains or non-standard domains claiming to be Google services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ac-5uh.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ac-5uh.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ac-5uh.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ac-5uh.pages.dev/
Last updated: 2026-04-09