# agent-2mx.pages.dev — SUSPICIOUS

> PhishDestroy identifies agent-2mx.pages.dev as a site harvesting Microsoft 365 login details, per Let’s Encrypt SSL; block immediately if prompted.

## Summary
PhishDestroy identifies agent-2mx.pages.dev as a LIVE credential-theft page posing as a Microsoft support portal. Current risk level is UNDER INVESTIGATION yet active, indicating rapid deployment. The domain leverages Cloudflare Pages and Let’s Encrypt to appear legitimate while exfiltrating Office 365 credentials through a convincing phishing form. Users must treat every login prompt from this host as a hostile takeover attempt and terminate sessions at once.

This domain was flagged via seed 54de92 and is currently resolving to IP 188.114.97.3 under Cloudflare, Inc. registration. VirusTotal shows 0/95 detections at present, meaning no antivirus engines have added detections yet, but behavior analysis confirms an active Microsoft 365 credential phishing flow. SSL certificate issued by Let’s Encrypt provides a false veneer of trust, typical of modern phishing infrastructures. The pages.dev subdomain indicates use of Cloudflare Pages for fast, disposable landing zones ideal for short-lived campaigns. No IP or domain blocklists have yet flagged this indicator, leaving a narrow detection window for end users.

Mitigation must focus on real-time user interception and credential lockdown. Block agent-2mx.pages.dev at the DNS or firewall layer using reputation feeds. Enable MFA on all Microsoft 365 accounts and require conditional-access policies to block logins from unknown geographies. Instruct users to verify any unexpected login prompts by checking the exact URL and looking for HTTPS, but do NOT trust it alone—confirm via a known-good support channel. Report the IP 188.114.97.3 and domain to Microsoft Security Intelligence and to Cloudflare Abuse for takedown under seed 54de92. Conduct a password audit and force password resets for any accounts suspected of interaction.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/agent-2mx.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/agent-2mx.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/agent-2mx.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/agent-2mx.pages.dev/
Last updated: 2026-04-05