# testinter.pages.dev — SUSPICIOUS

> PhishDestroy identifies testinter.pages.dev as a live credential theft phishing domain. Flagged by 0 of 95 VirusTotal vendors, it mimics a major crypto service.

## Summary
PhishDestroy has opened an active investigation into the domain testinter.pages.dev, currently identified as a credential theft phishing page. The page is live and actively hosted, with no current takedown action taken. The threat actors appear to be impersonating a major cryptocurrency service platform to harvest user credentials and session tokens.


PhishDestroy’s analysis reveals this domain is registered through Cloudflare, Inc., resolving to IP address 188.114.96.3. The domain carries a valid SSL certificate issued by Google Trust Services, which may help it evade basic browser-based warnings. At the time of analysis, testinter.pages.dev remains undetected on VirusTotal, with 0 out of 95 security vendors flagging the URL. No historical blocklist entries or trust score penalties have been recorded, indicating this is a newly deployed threat with minimal prior exposure. The domain was created recently under Cloudflare’s Pages service, suggesting opportunistic deployment using legitimate hosting infrastructure.


While the immediate risk level is currently marked as under investigation, the active status and lack of detection demand immediate preventive action. PhishDestroy recommends organizations and end-users implement network-level blocking via DNS filtering or firewall rules targeting the domain testinter.pages.dev and its resolving IP 188.114.96.3. Users should avoid accessing the domain and verify any crypto-related login prompts through official, bookmarked channels. Security teams are advised to inspect proxy logs for outbound connections to this domain and scan endpoints for signs of credential harvesting or session hijacking. This report will be updated as new IOCs or takedown actions become available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dcdba1e3-c11f-4cf2-91c8-fc060a73cb74
- PhishDestroy: https://phishdestroy.io/domain/testinter.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/testinter.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/testinter.pages.dev/
Last updated: 2026-03-26