# testforfirst.pages.dev — SUSPICIOUS

> testforfirst.pages.dev actively phishes for credentials, resolving to 172.66.44.111 with 0/95 VirusTotal detections. Avoid entering sensitive data.

## Summary
PhishDestroy identifies testforfirst.pages.dev as an active credential theft site, hosted via Cloudflare Pages and resolving to IP 172.66.44.111. The domain leverages a Google Trust Services SSL certificate to masquerade as legitimate, deceiving users into submitting login details. Investigation reveals this campaign specifically targets unsuspecting users via deceptive web forms designed to harvest credentials for subsequent exploitation.

Evidence supporting the classification includes 0 detections out of 95 scanners on VirusTotal, indicating evasion of automated detection systems. The domain was registered through Cloudflare, Inc., a common tactic to obscure ownership and hinder rapid takedown. Infrastructure analysis ties the site to IP 172.66.44.111, a known hosting environment frequently associated with malicious activity. The SSL certificate issued by Google Trust Services adds a veneer of authenticity, further lowering user suspicion.

Users who visited testforfirst.pages.dev should immediately review accounts for unauthorized access, particularly if credentials were entered. Change passwords on affected platforms and enable multi-factor authentication where available. Report the domain to your browser or security provider for blocking, and scan endpoints for potential compromise. Avoid re-engaging with the domain to prevent secondary payload delivery.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.111

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d84e6a50-85af-437c-a0f7-0cd060a471cf
- PhishDestroy: https://phishdestroy.io/domain/testforfirst.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/testforfirst.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/testforfirst.pages.dev/
Last updated: 2026-03-22