# testprojj.pages.dev — SUSPICIOUS

> testprojj.pages.dev is a live credential harvesting site hosted on Cloudflare with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies testprojj.pages.dev as an active credential harvesting domain designed to trick users into surrendering sensitive login credentials. This Cloudflare Pages site resolves to IP 188.114.97.3 and currently evades detection with zero detections on VirusTotal (0/95 engines). The domain leverages Google Trust Services SSL certificates to appear legitimate while hosting phishing content aimed at harvesting user credentials.  This domain was flagged during routine threat hunting with indicators pointing to a generic phishing campaign. Technical analysis reveals registration through Cloudflare, Inc. with infrastructure hosted on Cloudflare's Pages service. The malicious infrastructure remains active with 0/95 detections on VirusTotal as of the latest scan, indicating it has not yet been widely recognized by security vendors. The threat actor is likely using this platform to rapidly deploy new phishing pages while benefiting from Cloudflare's legitimate infrastructure to evade traditional blocking mechanisms.  Users who may have visited this domain should immediately check for suspicious login attempts across their accounts. If any credentials were entered, those passwords should be changed immediately and multi-factor authentication should be enabled where available. Organizations should block the IP address 188.114.97.3 at the network perimeter and consider blocking the entire Cloudflare Pages IP range if additional suspicious domains are detected. Report any interactions with this domain to your security team and consider deploying network-level blocks to prevent further access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6d41c240-d2fe-42fd-9774-f5b85311ed1b
- PhishDestroy: https://phishdestroy.io/domain/testprojj.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/testprojj.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/testprojj.pages.dev/
Last updated: 2026-03-22