# ozakai.pages.dev — SUSPICIOUS > Ozakai.pages.dev is leveraged for fake OAuth credential harvesting campaigns. VirusTotal flags 1/95 engines. Review indicators now to protect accounts. ## Summary PhishDestroy identifies ozakai.pages.dev as an active credential-harvesting phishing domain impersonating legitimate login portals to trick users into surrendering sensitive credentials. This infrastructure is currently being used to harvest OAuth tokens and other authentication artifacts under the guise of routine account verification. The domain leverages Cloudflare’s worker infrastructure (pages.dev) to host spoofed login pages, presenting an immediate risk to any user who clicks through the lure and submits their credentials. Social engineering tactics are amplified by the use of a Google-issued SSL certificate via Google Trust Services, which can deceive users into assuming the page is trustworthy due to the familiar branding. This domain was flagged by ScamSniffer and Google Safe Browsing under the SOCIAL_ENGINEERING category, with VirusTotal reporting detection by only 1 out of 95 security vendors, indicating low initial coverage and highlighting the need for proactive blocking. Registered through Cloudflare, Inc., the domain resolves to 172.66.47.180 and appears on a single security blocklist, signaling it is newly emerged and not yet widely recognized by threat intelligence systems. Based on the combination of evasion tactics, low detection rate, and active infrastructure, the risk level is elevated, meaning users are likely to encounter this domain in the wild before defenses fully mature. Organizations and individuals should treat ozakai.pages.dev as a confirmed malicious domain. If you or your users have visited this domain and entered any credentials, immediately rotate all related passwords and enable multi-factor authentication. Additionally, revoke any OAuth tokens granted to unfamiliar or suspicious applications. Report the domain to your DNS provider or security stack for immediate blocking, and consider running a credential exposure scan across your environment. Monitor for anomalous authentication patterns and lateral movement, as compromised credentials could be leveraged for further exploitation. Stay vigilant—credential harvesting remains one of the most effective initial access vectors in modern attacks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.180 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ozakai.pages.dev - PhishDestroy: https://phishdestroy.io/domain/ozakai.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ozakai.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ozakai.pages.dev/ Last updated: 2026-04-09