# teamscrypt.pages.dev — SUSPICIOUS

> teamscrypt.pages.dev poses as Microsoft Teams to steal credentials. VirusTotal shows 0/95 detections despite hosting phishing on IP 172.66.44.203.

## Summary

teamscrypt.pages.dev has been flagged for an active Microsoft Teams credential theft phishing campaign and is currently under investigation. This domain mimics the Microsoft Teams login portal to harvest user credentials, posing a high risk to organizations relying on Microsoft 365 ecosystems. The threat is classified as a generic phishing attack, leveraging deceptive branding to trick victims into submitting sensitive login details.

PhishDestroy identifies this domain as resolving to IP 172.66.44.203 using a Google Trust Services SSL certificate, yet it remains undetected on VirusTotal with 0 out of 95 security vendors flagging it. The domain is registered through Cloudflare, Inc., which often masks malicious infrastructure. As of the latest analysis, no blocklist entries or trust score penalties have been recorded, indicating a recent or stealthy deployment.

To mitigate this specific credential theft threat, users must avoid entering any Microsoft Teams credentials on teamscrypt.pages.dev. Network administrators should block access to this domain at the firewall level and inspect DNS logs for any resolutions to 172.66.44.203. Additionally, enabling multi-factor authentication (MFA) on Microsoft accounts can reduce the impact of credential theft, and reporting this domain to Microsoft’s phishing abuse teams may help block future campaigns. Monitor for unauthorized login attempts post-exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.203

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/58785c1e-d985-4442-957d-ee35ffd36cf0
- PhishDestroy: https://phishdestroy.io/domain/teamscrypt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/teamscrypt.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/teamscrypt.pages.dev/

Last updated: 2026-03-25