# indirecting-openocean-swap.pages.dev — SUSPICIOUS > indirecting-openocean-swap.pages.dev poses a generic phishing threat, evading detection with 0/95 VirusTotal flags. ## Summary PhishDestroy identifies indirecting-openocean-swap.pages.dev as a domain actively hosting a generic phishing campaign, currently under investigation for malicious intent. This Pages.dev subdomain leverages Cloudflare's infrastructure and Google Trust Services SSL certificates to masquerade as a legitimate service, specifically targeting unsuspecting users through deceptive domain naming conventions. The threat actor behind this domain appears to be exploiting trusted hosting providers to evade traditional security measures, creating a false sense of security for potential victims. Based on verified intelligence, indirecting-openocean-swap.pages.dev exhibits concerning characteristics that warrant immediate scrutiny. VirusTotal currently reports 0 detections out of 95 security engines, indicating this domain has flown under the radar despite its malicious nature. The domain resolves to IP address 188.114.96.3, which is associated with Cloudflare's infrastructure, further complicating attribution. While exact registration dates remain unverified, the use of a .pages.dev subdomain suggests recent creation, as Pages.dev subdomains are typically provisioned for new projects. The presence of a Google Trust Services SSL certificate adds a layer of legitimacy, potentially tricking users into believing the site is secure. These combined factors create a deceptive facade that could easily ensnare users unfamiliar with the tactics employed by modern phishing operators. Users who have encountered this domain are advised to take immediate precautions. If you accessed indirecting-openocean-swap.pages.dev at any point, avoid entering any personal or financial information, as the site may be harvesting credentials or payment details. Disconnect from the network and run a full antivirus scan to check for potential compromises. Report the domain to your organization's security team or to platforms like Google Safe Browsing and PhishTank to help disrupt this campaign. For future protection, consider implementing DNS filtering solutions to block known malicious domains and subdomains. Always verify the legitimacy of websites by cross-referencing domain names with official sources, especially when the domain includes terms like 'swap' or 'openocean,' which are commonly mimicked in phishing schemes. Proactive monitoring and user awareness remain critical in mitigating the risks posed by such domains. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/indirecting-openocean-swap.pages.dev - PhishDestroy: https://phishdestroy.io/domain/indirecting-openocean-swap.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/indirecting-openocean-swap.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/indirecting-openocean-swap.pages.dev/ Last updated: 2026-04-04