# signintest-2n7.pages.dev — SUSPICIOUS

> The domain signintest-2n7.pages.dev is a credential phishing site hosted on Cloudflare Pages, resolving to 188.114.97.3.

## Summary
The domain signintest-2n7.pages.dev has been flagged under active investigation for credential phishing, leveraging Cloudflare Pages and a Google Trust Services SSL certificate to mimic legitimacy. This domain is currently unresolved for any known brand impersonation or drainer kit associations, though its infrastructure suggests a deliberate attempt to harvest credentials under a seemingly secure facade. The threat actor may be testing evasion techniques given the absence of detections on VirusTotal.  This domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., with a Google Trust Services SSL certificate providing a false sense of security. VirusTotal currently shows a detection score of 0/95, indicating no immediate recognition by security vendors. While the exact creation date remains unverified, the domain’s recent activity aligns with active phishing campaigns targeting unsuspecting users.  Current status remains active, with SOC teams conducting further analysis to determine persistence mechanisms and potential victim profiles. Immediate actions include blocking the domain at the network perimeter and advising users to avoid interaction. Remaining risk is high due to the domain’s unflagged status and legitimate-looking infrastructure, necessitating continued monitoring for further IOC expansion.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bebda9ce-27cd-45fd-b4b5-07605229b5a9
- PhishDestroy: https://phishdestroy.io/domain/signintest-2n7.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/signintest-2n7.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/signintest-2n7.pages.dev/
Last updated: 2026-03-23