# cloud-leadgerq.pages.dev — SUSPICIOUS > cloud-leadgerq.pages.dev is a Google Pages-hosted phishing site impersonating financial platforms. Flagged by 2 of 95 VirusTotal vendors, users should avoid. ## Summary cloud-leadgerq.pages.dev is a domain engaged in a generic phishing campaign, currently active as of the latest analysis. This domain poses a significant risk to users by masquerading as a legitimate financial or cloud-based service, potentially stealing credentials or sensitive data. The threat actor behind this campaign leverages trusted hosting infrastructure—Cloudflare Pages via Google Trust Services—to lend false legitimacy to their operations. cloud-leadgerq.pages.dev was flagged by 2 of 95 VirusTotal security vendors, indicating limited but notable detection coverage. The domain is registered through Cloudflare, Inc., and resolves to IP address 188.114.97.3. While additional metadata such as creation date or blocklist participation is not specified, the SSL certificate issued by Google Trust Services suggests an attempt to exploit the implicit trust associated with Google’s infrastructure. The domain’s minimal detection rate on VirusTotal underscores the evasiveness of this campaign, making it harder for automated defenses to flag proactively. Users and organizations are strongly advised to block traffic to and from cloud-leadgerq.pages.dev at the network perimeter and DNS level. Given the domain’s use of Google Pages for hosting, organizations should monitor for similar patterns in their web traffic, particularly any requests to *.pages.dev subdomains that do not align with expected business use. Employees should be reminded to scrutinize unsolicited communications referencing cloud storage, financial transactions, or login portals, especially those using URL shorteners or non-standard domains. Immediate reporting of any interaction with this domain is critical to prevent credential compromise or data exfiltration. Security teams should review endpoint telemetry for signs of compromise associated with this domain, including unusual outbound connections or credential access attempts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c9bad729-00a2-4052-b803-ec0d1c7c9f34 - PhishDestroy: https://phishdestroy.io/domain/cloud-leadgerq.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/cloud-leadgerq.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cloud-leadgerq.pages.dev/ Last updated: 2026-03-22