# donetest.pages.dev — SUSPICIOUS

> donetest.pages.dev is a confirmed credential phishing site hosted on Cloudflare (188.114.97.3). This fake Microsoft 365 login portal steals user emails and.

## Summary
donetest.pages.dev has been flagged as an active credential phishing portal designed to harvest Microsoft 365 login credentials. The site mimics Microsoft's authentication interface to trick users into entering their corporate or personal email passwords. PhishDestroy identifies this as a HIGH-RISK social engineering threat due to its targeted deception and direct access to stolen credentials.


This domain was flagged with 0/95 detections on VirusTotal at the time of analysis, indicating no antivirus or security service had yet blacklisted it despite active hosting. It resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., leveraging Google Trust Services for an SSL certificate to appear legitimate. The 'pages.dev' subdomain suggests abuse of Cloudflare Pages for rapid deployment and evasion of takedowns.


To mitigate this threat, users must avoid interacting with donetest.pages.dev or any linked login prompts. Organizations should block this domain at the network perimeter using DNS filtering. If credentials were entered, immediately reset passwords and enable multi-factor authentication. Report the domain to hosting providers (Cloudflare Abuse) and Microsoft Security Intelligence for takedown.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8139dc85-9ae4-4e9c-92c6-23292c43385d
- PhishDestroy: https://phishdestroy.io/domain/donetest.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/donetest.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/donetest.pages.dev/
Last updated: 2026-03-31