# anthaathi.pages.dev — SUSPICIOUS

> anthaathi.pages.dev impersonates a login portal to steal credentials. Hosted on Cloudflare IP 172.66.46.

## Summary
PhishDestroy identifies anthaathi.pages.dev as an active credential harvesting domain under investigation for generic phishing. The domain masquerades as a legitimate login portal, specifically targeting users who may unknowingly submit sensitive credentials to a fraudulent interface. The immediate risk stems from its potential to capture authentication details under false pretenses, exposing victims to account takeovers and subsequent financial or identity fraud. This domain was flagged via seed 57150f and remains unflagged on VirusTotal despite active deployment.


This domain resolves to IP 172.66.46.208 and operates under a Google Trust Services SSL certificate, lending superficial legitimacy to its phishing interface. Registered through Cloudflare, Inc., it leverages the provider’s infrastructure to evade detection, with 0 detections out of 95 VirusTotal scans as of the latest analysis. The domain’s infrastructure footprint suggests a deliberate attempt to blend into legitimate web services, complicating rapid identification. No known inclusion on blocklists or threat intelligence feeds has been recorded at this time, underscoring the need for proactive monitoring.


Users must avoid interacting with anthaathi.pages.dev or submitting any credentials through its interface. Organizations should block the domain at DNS and firewall levels and inspect outbound traffic for callbacks to 172.66.46.208. Immediate reporting to relevant security teams and users who may have accessed the domain is critical. Implement multi-factor authentication across all services to mitigate credential reuse risks, and conduct user awareness training focusing on recognizing fake login portals hosted on Cloudflare Pages or similar platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.208

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3d13eec9-642e-4231-848a-ce4b2b4bfc04
- PhishDestroy: https://phishdestroy.io/domain/anthaathi.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/anthaathi.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/anthaathi.pages.dev/
Last updated: 2026-03-29