# tradecontractor.pages.dev — SUSPICIOUS > TradeContractor.pages.dev impersonates legitimate contractors. This fake construction site steals credentials. Check the full report. ## Summary PhishDestroy identifies TradeContractor.pages.dev as an active fake construction contractor phishing domain under investigation for generic credential harvesting. This deceptive site masquerades as a legitimate contractor portal to trick victims into entering login credentials, exposing them to direct financial and identity theft risks. This domain was flagged with a risk level marked as under investigation and is currently active. TradeContractor.pages.dev resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc. The domain holds a valid Let's Encrypt SSL certificate, which may lend false credibility to unsuspecting users. As of the latest scan, VirusTotal reports 0 detections out of 95 engines, indicating that traditional antivirus solutions have not yet flagged this threat. There are no current entries in major public blocklists such as Google Safe Browsing, PhishTank, or OpenPhish, and the domain does not appear on any known domain reputation or trust score platforms. The absence of detections and blocklist presence suggests this is a relatively new or stealthily operated campaign. Mitigation against this type of fake contractor phishing site requires both proactive and reactive measures. Users should avoid clicking on unsolicited links claiming to lead to contractor portals, especially those delivered via email or social media. Always verify the sender’s domain and use official company websites by manually entering URLs or using trusted bookmarks. Organizations should implement email filtering rules to detect impersonation attempts and consider blocking newly registered domains with low reputation scores. If exposure occurs, immediately reset account credentials, enable multi-factor authentication, and monitor for signs of credential misuse or financial fraud. Report suspicious domains to cybersecurity authorities such as CISA or your national cybercrime unit to aid in rapid takedown efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a92dbc64-c1c5-4734-8471-2eec7e8d27de - PhishDestroy: https://phishdestroy.io/domain/tradecontractor.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/tradecontractor.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tradecontractor.pages.dev/ Last updated: 2026-03-26