# veris-cvl.pages.dev — SUSPICIOUS

> veris-cvl.pages.dev is a newly identified credential harvester mimicking a generic service. With 0/95 VirusTotal detections, users are advised to avoid.

## Summary
PhishDestroy identifies veris-cvl.pages.dev as an active credential-harvesting domain currently under investigation for phishing activity. The domain employs a Cloudflare front-end and resolves to IP 172.66.44.234, leveraging a Let's Encrypt SSL certificate to appear legitimate. At present, VirusTotal reports zero detections out of 95 engines, indicating limited detection coverage, while the domain remains unflagged by public blocklists.  This domain was flagged by internal telemetry and exhibits characteristics consistent with generic credential harvesting campaigns. Technical indicators include registration through Cloudflare, Inc., a shared hosting IP address, and a Let's Encrypt certificate issued for HTTPS obfuscation. Despite its current low detection rate, the absence of historical blocklist entries and low trust scores suggest early-stage deployment. The domain's infrastructure—specifically its use of Cloudflare Pages—facilitates rapid deployment and evasion of traditional detection mechanisms.  To mitigate exposure to this threat, organizations should block veris-cvl.pages.dev at the DNS and firewall levels, and inspect any recent outbound SSL connections to 172.66.44.234. Users who may have accessed the domain are advised to rotate any exposed credentials and enable multi-factor authentication on relevant accounts. Security teams are encouraged to monitor for similar domains leveraging Cloudflare Pages or Let's Encrypt certificates, particularly those with low detection coverage. Further analysis is ongoing to determine attribution and campaign scope.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.234

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ed0e85ff-74a8-4800-9370-80cac3a43ac7
- PhishDestroy: https://phishdestroy.io/domain/veris-cvl.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/veris-cvl.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/veris-cvl.pages.dev/
Last updated: 2026-03-27