# mainben.pages.dev — SUSPICIOUS

> mainben.pages.dev is a live credential theft page impersonating a major brand; VirusTotal flags it 1/95.

## Summary
PhishDestroy identifies mainben.pages.dev as an active credential theft page distributing a fake login that steals usernames and passwords. This domain hides under Cloudflare’s Pages.dev service and resolves to the IP address 172.66.47.188, making it appear legitimate at a glance. Security vendors already caught it—1 out of 95 scanners on VirusTotal detected the fraud, so entering any information could compromise your accounts.


This threat relies on brand impersonation and relies on Google Trust Services SSL certificates to trick visitors into trusting the site. Cloudflare, Inc. registered the domain through its Pages.dev platform, which is commonly abused by attackers to host convincing but malicious login forms. Risk is elevated because the page remains online and is collecting stolen credentials in real time. The seed f0421a highlights repeated abuse of Pages.dev infrastructure by credential theft campaigns.


If you visited mainben.pages.dev, stop typing anything immediately and close the tab. Reset passwords on every account that shares any reused credentials. Run a full antivirus scan to check for keyloggers or stolen session tokens. Alert your organization’s security team if this was accessed from a work device. Finally, consider enabling two-factor authentication on high-value accounts to prevent credential reuse attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.188

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/51333baf-7929-49f4-959f-16a0a58a93f7
- PhishDestroy: https://phishdestroy.io/domain/mainben.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/mainben.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mainben.pages.dev/
Last updated: 2026-03-22