# dovahexei-souttinou-f2d174.pages.dev — MALICIOUS > dovahexei-souttinou-f2d174.pages.dev hosts a fraudulent login page. This active credential phishing domain evades detection with a 16/95 VirusTotal score. ## Summary PhishDestroy identifies dovahexei-souttinou-f2d174.pages.dev as an active credential phishing domain impersonating a legitimate login interface. The threat involves harvesting user credentials through a fraudulent form hosted on Cloudflare Pages, a service commonly abused for quick deployment of phishing kits. No specific brand or drainer kit attribution is available in current intelligence feeds, but the domain’s structure suggests a generic but targeted credential harvesting campaign. This domain was flagged with a VirusTotal detection score of 16 out of 95 security vendors, indicating partial but not universal recognition as malicious. It is registered through Cloudflare, Inc., resolving to IP address 172.66.44.75, and secured with a Google Trust Services SSL certificate to enhance legitimacy. The domain appears on one security blocklist and is confirmed blocked by OpenPhish, a leading phishing intelligence provider. No creation date is publicly available at this time. The domain remains active and poses an elevated risk due to its use of legitimate infrastructure and SSL encryption to deceive users. Immediate response includes network-level blocking via OpenPhish and IP/SSL fingerprinting. While detection is improving, the domain’s low blocklist count and partial VirusTotal coverage suggest potential for continued operation. Users are advised to avoid accessing this domain and report any interactions to their security teams. Remaining risk is moderate due to active evasion tactics and partial detection coverage. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.75 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/21ad6718-d4e4-43a2-b0d3-a37c9b335e7c - PhishDestroy: https://phishdestroy.io/domain/dovahexei-souttinou-f2d174.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/dovahexei-souttinou-f2d174.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dovahexei-souttinou-f2d174.pages.dev/ Last updated: 2026-03-27