# allsecureroutes.pages.dev — SUSPICIOUS > allsecureroutes.pages.dev hosts a credential phishing page impersonating a login portal. VirusTotal reports 0/95 detections. ## Summary PhishDestroy identifies the domain allsecureroutes.pages.dev as an active credential phishing campaign designed to harvest user login credentials. The threat involves a fraudulent login page likely impersonating a legitimate service to deceive victims into submitting their authentication details. The domain resolves to IP address 188.114.96.3 and is currently hosted on Cloudflare's infrastructure, leveraging the provider's fast-rotating IP and SSL certificate services to evade detection. The SSL certificate is issued by Google Trust Services, adding a false sense of legitimacy to the malicious site. At the time of analysis, the domain has not been flagged by VirusTotal, showing 0 detections out of 95 security vendors, indicating a newly deployed or stealthily operated threat. This domain was flagged through automated monitoring systems and exhibits several red flags indicative of malicious intent. It is registered through Cloudflare, Inc., a common choice for threat actors due to the service's privacy protections and rapid domain cycling capabilities. The domain's infrastructure, including its SSL certificate issued by Google Trust Services, suggests an attempt to blend in with legitimate web services. While the exact creation date is not provided, the lack of detections on VirusTotal implies recent deployment. The absence of blocklist entries suggests this campaign is still in its early stages, allowing the attackers to operate with minimal interference. The low detection rate (0/95) highlights the need for proactive threat intelligence to identify emerging phishing domains before they are widely recognized. Users who may have visited this domain should immediately assess whether they entered any credentials or sensitive information. If credentials were submitted, users must change passwords for the affected accounts and enable multi-factor authentication where available. Additionally, monitor accounts for unusual activity and consider revoking any OAuth tokens or API keys linked to compromised credentials. PhishDestroy recommends performing a full scan using updated antivirus software and verifying the legitimacy of any links before entering login details. If in doubt, contact the purported service provider through official channels to confirm the authenticity of the communication. Proactive verification and caution are critical to mitigating the risks posed by this credential phishing campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/75619872-6907-4fa6-a6f6-5270c49cf967 - PhishDestroy: https://phishdestroy.io/domain/allsecureroutes.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/allsecureroutes.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/allsecureroutes.pages.dev/ Last updated: 2026-04-12