# txnodemicemode.pages.dev — SUSPICIOUS

> txnodemicemode.pages.dev is a live phishing page hosted on Cloudflare that mimics brand login portals.

## Summary
PhishDestroy identifies txnodemicemode.pages.dev as an active generic-phishing domain that lures users into surrendering login credentials under the guise of a trusted brand portal. The risk level is elevated due to the combination of live hosting, low detection, and a trust-abusing Cloudflare front-end. This domain was flagged by only 1 out of 95 VirusTotal security vendors, indicating limited but meaningful coverage and highlighting the need for user caution.  This domain resolves to IP 172.66.47.201 and is served over HTTPS with a Google Trust Services certificate, leveraging Cloudflare, Inc. as registrar and hosting provider. The current detection ratio of 1/95 on VirusTotal suggests minimal visibility in automated defenses, increasing the likelihood that end-users may encounter the page undetected. While the presence of a Google-issued certificate may imply legitimacy at a glance, it is commonly abused by threat actors to lend false credibility to phishing pages. The use of Cloudflare Pages further complicates blocking and takedown efforts due to the platform’s widespread and legitimate usage.  To mitigate exposure to txnodemicemode.pages.dev, users should avoid clicking links from unsolicited emails, SMS, or social media messages claiming to require login or account verification. Organizations are advised to deploy browser-based URL filtering and DNS sinkholing policies targeting the IP 172.66.47.201 and the domain itself. Security teams should also monitor for inbound reports of credential submission attempts and correlate with known brand impersonation campaigns. Immediate takedown requests should be filed with Cloudflare and domain registrars upon identification.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.201

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/89076e07-abb0-4617-b5fe-27bdd50a8f31
- PhishDestroy: https://phishdestroy.io/domain/txnodemicemode.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/txnodemicemode.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/txnodemicemode.pages.dev/
Last updated: 2026-03-22