# evil-verify.pages.dev — SUSPICIOUS

> PhishDestroy identifies evil-verify.pages.dev as a credential theft domain flagged by 0 of 95 VirusTotal vendors via Cloudflare. Avoid entering login details.

## Summary
PhishDestroy identifies evil-verify.pages.dev as an active credential theft domain impersonating a verification service. The domain is currently under investigation as part of a live phishing campaign targeting user credentials.

This domain was flagged by 0 of 95 VirusTotal vendors, registered through Cloudflare, Inc., and resolves to IP 188.114.96.3. The SSL certificate is issued by Google Trust Services, indicating no immediate browser-based warnings. Additional threat intelligence shows no current blocklist detections, suggesting this domain remains in early deployment stages.

The domain’s status is active with a risk level marked as under investigation. Security teams should block access to evil-verify.pages.dev immediately. Users are advised against entering credentials or sensitive data. Report the domain to security vendors and monitor for associated IOCs, including the IP and SSL certificate details. Further analysis is required to determine the full scope of this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/evil-verify.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/evil-verify.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/evil-verify.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/evil-verify.pages.dev/
Last updated: 2026-04-08