# doc-trust-ask.pages.dev — SUSPICIOUS

> doc-trust-ask.pages.dev is impersonating a Microsoft login page in an active credential theft campaign. 4 out of 95 VirusTotal engines flagged it.

## Summary
PhishDestroy identifies doc-trust-ask.pages.dev as a live credential-harvesting site that mimics Microsoft 365 login prompts to trick users into surrendering corporate credentials. Hosted on Cloudflare Pages at IP 188.114.97.3, the domain leverages a Google Trust Services certificate to appear legitimate while scraping entered usernames and passwords. This tactic is common in business-email-compromise (BEC) attacks, where stolen credentials grant footholds into enterprise environments for follow-on fraud or data theft.  This domain was flagged by 4 of 95 VirusTotal security vendors and is served from Cloudflare Pages, registered through Cloudflare, Inc. The infrastructure is relatively young, raising the risk that it remains undetected by many blocklists. Even with a benign registrar and SSL issuer, the combination of active phishing content, low detection coverage, and enterprise-focused lure content places it at elevated risk for compromise.  If you or your employees visited doc-trust-ask.pages.dev, assume credentials entered were compromised. Immediately rotate passwords for the affected account, enable multi-factor authentication, and scan endpoints for anomalous activity. Report the domain to your email or web security stack and users to heighten monitoring for lateral-movement attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: doc-trust-ask.pages.dev

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b2cc76c6-2837-4b32-a97a-4bde1b20f8df
- PhishDestroy: https://phishdestroy.io/domain/doc-trust-ask.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/doc-trust-ask.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doc-trust-ask.pages.dev/
Last updated: 2026-03-22