# vantardweb.pages.dev — SUSPICIOUS > vantardweb.pages.dev is a live phishing scam hosted on Cloudflare Pages that steals credentials via a fake login page. ## Summary vantardweb.pages.dev is a confirmed generic phishing domain actively luring victims under the guise of a legitimate service. The page is designed to harvest user credentials through a convincing decoy interface, posing as a login portal. No specific brand or drainer kit has been identified at this time, but the generic nature suggests opportunistic credential theft rather than a targeted campaign. The domain is hosted on Cloudflare Pages, leveraging the platform’s infrastructure to evade traditional takedown mechanisms while maintaining a veneer of legitimacy. The absence of a recognizable brand lowers the barrier for attacker reuse, making this a high-reuse threat vector for future campaigns. Technical indicators confirm the domain’s malicious intent. VirusTotal reports 0/95 detections as of the latest scan, indicating no immediate blacklisting despite the active threat. The domain resolves to IP 172.66.47.173 via Cloudflare’s proxy network, obscuring the true origin. Registered through Cloudflare, Inc., the domain utilizes Google Trust Services for its SSL certificate, further enhancing its perceived legitimacy. The lack of a publicly listed creation date complicates historical analysis, but the combination of SSL certificate, proxy resolution, and zero detections suggests a recently deployed or rapidly cycling infrastructure. The domain remains unlisted on major blocklists, leaving users and automated defenses vulnerable to exposure. This domain is currently active and unmitigated, with no known takedown or blocklisting efforts as of the latest analysis. The low detection rate on VirusTotal (0/95) highlights the inefficacy of signature-based defenses against this threat, emphasizing the need for behavioral and reputation-based detection mechanisms. Users are advised to avoid interacting with vantardweb.pages.dev entirely, as credential theft is the likely outcome. Security teams should implement network-level blocks for IP 172.66.47.173 and domain-based rules for vantardweb.pages.dev to prevent accidental exposure. The remaining risk is high due to the domain’s active status, lack of detections, and reliance on trusted infrastructure. Immediate action is required to prevent further victimization. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.173 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6a927a02-cf61-447c-90d5-abc7093067f0 - PhishDestroy: https://phishdestroy.io/domain/vantardweb.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/vantardweb.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/vantardweb.pages.dev/ Last updated: 2026-03-22