# lastdist-stage.pages.dev — MALICIOUS

> lastdist-stage.pages.dev is a credential harvesting phishing site with 13/95 VirusTotal detections. Check the full report for detailed analysis.

## Summary
PhishDestroy identifies lastdist-stage.pages.dev as an active credential harvesting phishing domain with an elevated risk level. This domain is specifically designed to trick users into surrendering sensitive login credentials under the guise of a legitimate service. The threat is not generic phishing but a focused credential theft operation.  

This domain was flagged by 13 out of 95 security vendors on VirusTotal, indicating widespread recognition of its malicious nature. Registered through Cloudflare, Inc., the domain resolves to IP address 172.66.44.211 and operates under a Google Trust Services SSL certificate, which may lend an air of legitimacy to unsuspecting users. The use of Cloudflare Pages (pages.dev) as a hosting platform further complicates detection, as legitimate services frequently leverage this infrastructure. While the exact registration date is not provided in the available intelligence, the combination of a high detection rate, Cloudflare infrastructure, and SSL certification suggests a recently activated or repurposed malicious domain.  

To mitigate the risk posed by this credential harvesting domain, users should avoid interacting with lastdist-stage.pages.dev entirely. Organizations should implement browser-based or DNS-level blocklists to prevent access to this domain and similar threats. If credentials were inadvertently submitted, users must immediately reset passwords for the affected accounts and enable multi-factor authentication where possible. Security teams should inspect network logs for any outbound connections to IP 172.66.44.211 or related infrastructure to determine potential compromise. Given the use of Cloudflare Pages, traditional IP-based blocking may be less effective, so domain-based blocking is strongly recommended. Proactive threat intelligence sharing within security communities can help prevent further spread of this credential harvesting campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.211

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fc1deafb-40e0-453a-9e90-4fb4ddcb9273
- PhishDestroy: https://phishdestroy.io/domain/lastdist-stage.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lastdist-stage.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lastdist-stage.pages.dev/
Last updated: 2026-03-25