# tondrops.pages.dev — SUSPICIOUS

> tondrops.pages.dev hosts a credential theft phishing page detected by PhishDestroy with 0/95 VirusTotal detections. Act now to block and report

## Summary

PhishDestroy identifies tondrops.pages.dev as a live credential theft phishing domain registered via Cloudflare on behalf of an unknown actor. The page impersonates a generic login portal to harvest user credentials, consistent with an active campaign aimed at harvesting account information. No specific drainer kit or targeted brand has been confirmed at this stage; the domain serves as a gateway for subsequent credential abuse rather than a specialized crypto-draining payload. Creation date and hosting infrastructure suggest opportunistic deployment rather than a sophisticated operation.

This domain resolves to IP 188.114.96.3 and utilizes a Google Trust Services SSL certificate issued under the Cloudflare Inc. registrar. VirusTotal currently reports 0/95 detections and no blocklist inclusion on Google Safe Browsing as of seed 601842. The domain is active and under investigation, with no confirmed ties to known credential-theft groups or specific impersonated brands. The low detection rate indicates evasion tactics such as rapid infrastructure churn or domain fronting are likely in play.

As of now, tondrops.pages.dev remains active with no takedown issued. Users are advised to block the domain at the network and browser levels and submit samples to PhishDestroy for escalation. While the immediate risk is moderate due to low detection, the potential for credential harvesting remains high. Security teams should monitor for exfiltration to unknown endpoints and update firewall rules to deny traffic to 188.114.96.3. Remaining risk is classified as under investigation pending further IOC correlation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/933f32b0-c672-4602-9679-c4c053889c00
- PhishDestroy: https://phishdestroy.io/domain/tondrops.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tondrops.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tondrops.pages.dev/

Last updated: 2026-03-25