# rodin.pages.dev — SUSPICIOUS > rodin.pages.dev is a credential theft page with 0/95 VirusTotal detections. Avoid entering login details. Verify before trusting. ## Summary PhishDestroy identifies rodin.pages.dev as a credential theft domain under active exploitation. This Cloudflare Pages-hosted site mimics legitimate login portals to harvest user credentials, posing a severe risk to victims. The infrastructure leverages Google Trust Services for SSL certificates and resolves to 172.66.45.24, a Cloudflare IP range often abused for obfuscation. Current detections remain critically low at 0/95 on VirusTotal, highlighting the need for proactive blocking. rodin.pages.dev exhibits multiple red flags consistent with credential harvesting campaigns. VirusTotal shows 0/95 detections as of the latest scan, while the domain is registered through Cloudflare, Inc. (via Cloudflare Pages) and resolves to IP 172.66.45.24. The SSL certificate is issued by Google Trust Services, which, while legitimate, does not validate the domain's intent. Such low detection rates combined with Cloudflare's abuse-resistant infrastructure create a deceptive appearance of legitimacy, making manual verification essential. To mitigate credential theft risks from rodin.pages.dev, users should avoid interacting with the domain entirely. Enterprises should configure network blocks for the IP 172.66.45.24 and domain rodin.pages.dev at the firewall or DNS level. Employees must verify URLs via official channels before entering credentials, as this domain’s low VirusTotal score indicates it remains under the radar of automated detection systems. Report any accidental interactions to security teams immediately for incident response. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.24 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b3cdeead-d671-4049-9570-3a432bc1ec6a - PhishDestroy: https://phishdestroy.io/domain/rodin.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/rodin.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rodin.pages.dev/ Last updated: 2026-04-01