# tea-com.pages.dev — SUSPICIOUS > tea-com.pages.dev is being investigated for phishing via fake login pages. VirusTotal reports 0/95 detections. Review the full report now. ## Summary PhishDestroy identifies tea-com.pages.dev as an active phishing domain impersonating a login page to harvest credentials. This subdomain under Cloudflare’s Pages.dev service is designed to mimic legitimate domains, tricking users into submitting sensitive information such as usernames, passwords, or payment details. The domain resolves to IP address 172.66.44.236 and leverages a Google Trust Services SSL certificate to appear legitimate at first glance. Users should exercise extreme caution when encountering this domain, as it is currently under investigation for malicious activity. This domain has not yet been flagged by security vendors, with VirusTotal reporting 0 detections out of 95 scans. It is registered through Cloudflare, Inc., with infrastructure hosted on Cloudflare’s Pages.dev platform. While the SSL certificate issued by Google Trust Services adds a veneer of authenticity, it is crucial to note that such certificates can be obtained easily and do not guarantee the domain’s legitimacy. The absence of detections highlights the importance of proactive threat hunting, as signature-based defenses may not yet recognize this threat. Users should treat this domain with skepticism, especially if it appears in unsolicited emails or messages. If you have visited tea-com.pages.dev, immediately cease any interaction with the page and avoid entering any credentials or personal information. Scan your device for malware using reputable security software and monitor accounts linked to any details shared on the site. Report the domain to your organization’s security team or to platforms like Google Safe Browsing to help block its spread. Educate colleagues and family members about the risks associated with deceptive login pages, and consider implementing DNS filtering to block access to this domain proactively. Staying vigilant and verifying the authenticity of web pages before submitting sensitive data are critical steps in mitigating phishing risks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.236 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b655f068-d971-4466-bb09-708475cb59da - PhishDestroy: https://phishdestroy.io/domain/tea-com.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/tea-com.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tea-com.pages.dev/ Last updated: 2026-03-24