# dsadsa.pages.dev — SUSPICIOUS

> Domain dsadsa.pages.dev spotted hosting a fake login scam with a VirusTotal detection rate of just 1/95. Check the full report.

## Summary
PhishDestroy identifies dsadsa.pages.dev as an active generic phishing domain impersonating legitimate login portals to harvest user credentials. This domain leverages Cloudflare Pages hosting and a Google Trust Services SSL certificate to appear credible, while its underlying infrastructure (188.114.96.3) is associated with malicious activity. The threat actor behind this campaign uses a generic but effective drainer kit designed to exfiltrate sensitive login data, with no specific brand impersonation detected at this stage.  This domain was flagged by only 1 out of 95 VirusTotal security vendors, indicating a low initial detection rate. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.96.3 and utilizes Google Trust Services for its SSL certificate, enhancing its deceptive appearance. The domain’s creation date and additional blocklist metrics remain unverified in open-source intelligence, but its current configuration aligns with common phishing tactics.  As of the latest analysis, dsadsa.pages.dev remains active, posing an elevated risk to unsuspecting users. Immediate actions include blocking the domain at the network level and flagging the associated IP (188.114.96.3) in corporate or personal security tools. While the current risk is elevated, the low VirusTotal detection rate suggests this domain may evade some automated defenses. Users are advised to exercise caution when encountering unsolicited login prompts, verify domain legitimacy via HTTPS inspection, and report suspicious activity to relevant cybersecurity authorities.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/28c535c2-84e5-42f6-abb2-9b3abace69f3
- PhishDestroy: https://phishdestroy.io/domain/dsadsa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dsadsa.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dsadsa.pages.dev/
Last updated: 2026-03-22