# testnowtest12.pages.dev — SUSPICIOUS

> testnowtest12.pages.dev impersonates a login portal to steal credentials; resolves to 188.114.97.3 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies testnowtest12.pages.dev as an active credential harvesting scam leveraging a Cloudflare Pages subdomain to deceive users into submitting login credentials. The domain poses a HIGH immediate risk due to its use of HTTPS with a Google Trust Services certificate, which lends false legitimacy to the phishing page. Active redirection to 188.114.97.3 further confirms malicious infrastructure, while the absence of detections on VirusTotal (0/95) highlights the need for rapid containment before widespread abuse.  This domain was flagged with the following technical indicators: registered via Cloudflare, Inc., SSL certificate issued by Google Trust Services, resolving to IP address 188.114.97.3, and showing zero detections across 95 VirusTotal scanners. The subdomain structure (pages.dev) is a known Cloudflare platform often exploited for phishing campaigns due to its free hosting and rapid provisioning capabilities. No current blocklist entries were detected during initial analysis, indicating the domain remains under the radar despite active misuse.  Mitigation requires immediate action: block network-level access to 188.114.97.3 and testnowtest12.pages.dev at DNS/firewall levels; users should avoid all interactions, especially credential entry; report the domain to Cloudflare Abuse and local CERT teams using seed ac8729; and warn employees/customers via internal alerts referencing the Google Trust Services certificate as a false security indicator. Continuous monitoring for new variants under the same IP or registrar is critical due to the domain's active status.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4a511d23-f805-477a-9380-3114b4c60bea
- PhishDestroy: https://phishdestroy.io/domain/testnowtest12.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/testnowtest12.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/testnowtest12.pages.dev/
Last updated: 2026-03-28