# c9.pages.dev — SUSPICIOUS

> PhishDestroy identifies c9.pages.dev as a live Microsoft credential phishing page hosted by Cloudflare; 0/95 security engines flagged it.

## Summary
PhishDestroy identifies c9.pages.dev as an active Microsoft credential-harvesting page that impersonates the official login portal.

This domain was flagged by PhishDestroy on seed 0c5bcf and resolves to 172.66.44.131 through Cloudflare, Inc. VirusTotal currently shows 0 detections out of 95 engines, indicating it is not yet widely blocked by antivirus vendors. The SSL certificate is issued by Google Trust Services, adding a veneer of legitimacy.

If you visited c9.pages.dev, assume your Microsoft account may be targeted. Do not enter any credentials. Log in only via the official microsoft.com domain. Immediately change your Microsoft password from a known-safe device, enable multi-factor authentication, and scan for malware. Report the page to Microsoft and your security team using the exact URL.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.131

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a2a67667-5d02-4ba3-96b4-c78dabef9152
- PhishDestroy: https://phishdestroy.io/domain/c9.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/c9.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/c9.pages.dev/
Last updated: 2026-03-28