# remernetstron.pages.dev — SUSPICIOUS

> PhishDestroy flags remernetstron.pages.dev as a credential theft domain with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies remernetstron.pages.dev as a credential theft domain actively engaged in phishing operations designed to harvest user credentials. This domain leverages a deceptive Pages.dev subdomain to impersonate a legitimate service, tricking victims into entering sensitive login information that is subsequently exfiltrated by the threat actor. The campaign appears to target unsuspecting users under the guise of a trusted platform, aiming to compromise accounts for financial gain or further malicious activities.

This domain resolves to IP 188.114.97.3 and is currently registered through Cloudflare, Inc., utilizing Google Trust Services for its SSL certificate to enhance its appearance of legitimacy. As of the latest analysis, remernetstron.pages.dev exhibits 0 detections out of 95 on VirusTotal, indicating that it has not yet been widely flagged by security vendors. While the exact creation date of the domain is not disclosed in available intelligence, its active status and lack of detections suggest it is a recently deployed threat designed to evade early detection. The absence of this domain from the Google Safe Browsing (GSB) list further underscores the need for proactive monitoring and user vigilance.

The domain remains active as of the most recent assessment, with a status of 'under_investigation' and a seed identifier of 0c4c3a. PhishDestroy continues to monitor this threat and urges users and organizations to block remernetstron.pages.dev at the network perimeter to prevent potential credential theft. While the immediate risk is elevated due to the domain's active status and low detection rate, the lack of widespread flagging provides an opportunity for rapid mitigation if action is taken promptly. Users are advised to avoid interacting with this domain and to report any suspicious activity to their security teams or relevant authorities to prevent further spread of this credential theft campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/38a1867f-ec8c-4f92-ab37-b54c859d400d
- PhishDestroy: https://phishdestroy.io/domain/remernetstron.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/remernetstron.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/remernetstron.pages.dev/

Last updated: 2026-04-12