# root-sol.pages.dev — SUSPICIOUS

> root-sol.pages.dev hosts a Cloudflare phishing page with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies root-sol.pages.dev as an active phishing domain masquerading as Cloudflare infrastructure to harvest user credentials. The domain leverages Cloudflare Pages to host a spoofed login portal, tricking victims into entering sensitive information under the guise of legitimate authentication. The threat actor behind this campaign appears to be leveraging Cloudflare's trusted reputation to bypass security controls, as evidenced by the domain's SSL certificate issued by Google Trust Services and its resolution to IP 172.66.47.200.  This domain was flagged with 0 detections out of 95 VirusTotal scans, highlighting its stealthy nature despite active hosting. Registered through Cloudflare, Inc., the domain's infrastructure aligns with legitimate services, complicating detection efforts. While the exact creation date remains unverified, the lack of blocklist entries suggests this campaign is either newly deployed or deliberately evading traditional defenses. The combination of Cloudflare's Pages service, Google-issued SSL certificates, and unflagged status underscores the sophistication of this phishing attempt.  Users who visited root-sol.pages.dev should immediately review their Cloudflare account for unauthorized access and enable multi-factor authentication (MFA) if not already configured. Avoid entering any credentials or sensitive data on suspicious pages, even if they appear legitimate. Report the domain to your security team and run a full system scan to rule out potential malware infections. For further analysis, consult the full threat advisory linked in this report.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.200

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f3448222-63fd-439f-878b-49eea30a5228
- PhishDestroy: https://phishdestroy.io/domain/root-sol.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/root-sol.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/root-sol.pages.dev/
Last updated: 2026-03-31