# thavda.pages.dev — SUSPICIOUS

> Investigating thavda.pages.dev for credential theft via a phishing scam. Detected by 0/95 VirusTotal engines. Act now to secure accounts.

## Summary
PhishDestroy identifies thavda.pages.dev as an active credential theft domain flagged under generic phishing. This Pages.dev subdomain resolves to Cloudflare-hosted IP 188.114.96.3 with a Google Trust Services SSL certificate, suggesting a deliberate attempt to mimic legitimate services. VirusTotal scans currently show 0 detections out of 95 security engines, indicating this threat evades traditional antivirus detection.  The domain was registered through Cloudflare, Inc. with no publicly available creation date, which is common for disposable phishing infrastructure. Despite low detection rates, the use of Pages.dev and Cloudflare’s infrastructure highlights an advanced evasion technique where attackers leverage reputable services to host malicious content. The absence of blocklist entries suggests this is a newly deployed threat, emphasizing the need for proactive monitoring.  Users who visited thavda.pages.dev should immediately audit their credentials, enable multi-factor authentication (MFA) on all accounts, and avoid reusing passwords. If any login attempts were made, change passwords immediately and monitor for suspicious activity. For network defenders, blocking the IP 188.114.96.3 and the domain at DNS/firewall levels is recommended. Report the domain to threat intelligence platforms to aid in future detection.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0dbe23dc-c684-441e-98b6-bc999c892c44
- PhishDestroy: https://phishdestroy.io/domain/thavda.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/thavda.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/thavda.pages.dev/
Last updated: 2026-03-30