# testonly.autofix.buzz — SUSPICIOUS > PhishDestroy flags testonly.autofix.buzz for a malware-hosting fake login page. Domain created 21 Dec 2025, 0/95 VirusTotal detections. ## Summary PhishDestroy has opened an active investigation into testonly.autofix.buzz, a recently registered domain that is currently hosting a malicious fake login page. The site’s operators aim to trick visitors into entering sensitive credentials—such as usernames, passwords, or two-factor codes—into a convincing replica of a legitimate service. Early behavioral analysis suggests the page may auto-download a crypto-drainer payload once credentials are submitted, enabling immediate theft of digital assets. Users who land on this page risk credential compromise and cryptocurrency loss within minutes of interaction, making it a high-impact threat to monitor closely. This domain was flagged by PhishDestroy after resolving to IP address 51.68.178.175 and confirmed to have zero detections out of 95 engines on VirusTotal. Registrar records indicate creation on December 21, 2025, through NameSilo, LLC, with an SSL certificate issued by Let’s Encrypt to add a veneer of legitimacy. The domain remains unlisted on major threat intelligence blocklists, allowing it to evade detection and attract unsuspecting traffic. While the current payload delivery mechanism is still under analysis, the infrastructure and timing suggest this is a live operation targeting users searching for software fixes or system utilities. If you have visited testonly.autofix.buzz, immediately disconnect from the internet, revoke any credentials entered, and run a full antivirus scan. Do not reuse passwords across services. Report the domain to PhishDestroy for takedown and ensure your wallet or exchange accounts are secured with hardware authentication. Avoid downloading files from unknown domains and verify software sources via official channels. Stay vigilant—this domain is considered active and dangerous, with new variants expected to emerge during continued investigation. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-12-21 08:56:36 - Registrar: NameSilo, LLC - IP: 51.68.178.175 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c3ee3919-6bb0-4cc9-9d97-f803590820e0 - PhishDestroy: https://phishdestroy.io/domain/testonly.autofix.buzz/ - LLM endpoint: https://phishdestroy.io/domain/testonly.autofix.buzz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/testonly.autofix.buzz/ Last updated: 2026-03-28