# terse-es-i.pages.dev — SUSPICIOUS

> terse-es-i.pages.dev is a live credential theft phishing domain with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies an active credential-theft phishing campaign operating from terse-es-i.pages.dev. This domain is currently under investigation for mimicking legitimate login portals and harvesting user credentials in real time. Evidence suggests the attacker has deployed server-side scripts that capture submitted credentials and redirect victims to decoy pages, enabling follow-on attacks such as account takeover and financial fraud. The domain resolves to IP 188.114.97.3 and is actively resolving via Cloudflare’s infrastructure, leveraging Google Trust Services for SSL certificates to appear trustworthy. Given the absence of detections across leading security engines and the domain’s rapid propagation, users are strongly advised to treat any interaction as high risk until further intelligence is available.

This domain was flagged by PhishDestroy with the seed identifier b6f377. Intelligence confirms zero detections on VirusTotal (0/95 engines), registration through Cloudflare, Inc., and resolution to IP 188.114.97.3. The domain is hosted on Cloudflare Pages, a platform frequently abused by threat actors to rapidly deploy and rotate phishing infrastructure. While the SSL certificate issued by Google Trust Services adds superficial legitimacy, it does not guarantee safety—many phishing campaigns leverage free or compromised certificates to evade detection. Indicators such as the absence of blocklist inclusion and live resolution indicate this is a newly operational campaign likely targeting Spanish-speaking users (indicated by 'es' in the domain), but expansion to other regions is probable.

If you or your organization has visited terse-es-i.pages.dev, immediately change passwords on all accounts accessed from that device, enable multi-factor authentication (MFA) where available, and scan the device for malware using a reputable endpoint protection solution. Report the domain to your IT security team or use services like PhishDestroy’s reporting portal to contribute to collective threat intelligence. Users should avoid interacting with any pages hosted on *.pages.dev domains until they have been independently verified, especially those soliciting login credentials or personal information. Monitor financial accounts for unauthorized activity and be alert for phishing emails referencing this domain. This advisory will be updated as new intelligence emerges.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/65ff4f53-483d-4bee-b12b-a55a0c540fb7
- PhishDestroy: https://phishdestroy.io/domain/terse-es-i.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/terse-es-i.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/terse-es-i.pages.dev/
Last updated: 2026-03-22