# draii.pages.dev — SUSPICIOUS

> draii.pages.dev is a live tech support scam posing as a Microsoft alert. It is hosted on 188.114.96.3 with zero VirusTotal detections.

## Summary
PhishDestroy identifies the domain draii.pages.dev as an active fake tech support scam impersonating Microsoft popup alerts. When visited, the site displays a fraudulent warning urging users to call a toll-free number for immediate assistance, claiming their device is infected or locked. The page leverages Cloudflare’s Workers platform (pages.dev) to evade traditional blocklists and maintain agility, rotating infrastructure via Cloudflare’s IP range 188.114.96.0/24. This campaign relies on urgency and fear to trick victims into contacting scammers who demand payment for non-existent services or remote access fees. The threat is categorized as generic phishing due to broad targeting and lack of a single branded impersonation target.  

This domain was flagged by PhishDestroy on seed 8b3be7 with the following technical indicators: VirusTotal shows 0 detections out of 95 engines as of the latest scan, indicating a newly launched or low-profile campaign. It resolves to IP 188.114.96.3, part of Cloudflare’s hosting infrastructure. The site is registered through Cloudflare, Inc., which is not itself malicious but is commonly abused for short-lived phishing domains due to free tier availability and fast provisioning. The lack of current detections suggests this campaign is still in early stages of deployment and may expand rapidly.  

Users who have visited draii.pages.dev should immediately close the browser tab and avoid interacting with any popups or phone numbers displayed. Do not call any numbers shown, download software, or grant remote access. If you entered personal or payment information, contact your bank immediately and monitor accounts for fraud. Report the domain to your security team or platform provider using URL phishdestroy.com/report?url=draii.pages.dev. To prevent future exposure, enable browser security features, use ad-blockers with anti-phishing filters, and avoid clicking links in unsolicited alerts. Cloudflare’s infrastructure is legitimate, so blocking based on IP alone is ineffective; focus on URL and behavioral indicators.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- PhishDestroy: https://phishdestroy.io/domain/draii.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/draii.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/draii.pages.dev/
Last updated: 2026-03-26