# dual-m.pages.dev — SUSPICIOUS

> PhishDestroy identifies dual-m.pages.dev as a PayPal phishing page hosted on Cloudflare, flagged by 0/95 VirusTotal vendors.

## Summary
The domain dual-m.pages.dev is under active investigation for generic phishing activity, specifically targeting PayPal users. The website is currently operational and registered through Cloudflare, Inc., with a Let’s Encrypt SSL certificate and a resolved IP address of 188.114.96.3. This domain has not yet been flagged by any of the 95 VirusTotal vendors, though its association with credential harvesting attempts warrants heightened scrutiny.


Technical indicators confirm this domain is a high-risk phishing host. Flagged by 0 of 95 VirusTotal vendors, it resolves to IP 188.114.96.3 and operates under Cloudflare’s infrastructure, which is frequently abused for phishing campaigns due to its fast provisioning and anonymization capabilities. The domain’s use of a valid Let’s Encrypt certificate enhances its deceptive appearance, tricking users into believing it is a legitimate service. While no blocklist counts or trust scores are publicly available, the absence of detections on VirusTotal suggests this threat may be newly deployed or employing evasion techniques to avoid detection.


Given the active status and specific targeting of PayPal credentials, users should treat dual-m.pages.dev as malicious and avoid interaction. Security teams are advised to block the domain at the network level and monitor for related infrastructure. Administrators should also inspect endpoints for unauthorized access attempts linked to this domain. As this investigation remains ongoing, stakeholders are encouraged to contribute intelligence to threat intelligence platforms to enhance detection and mitigation efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/dual-m.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/dual-m.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dual-m.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dual-m.pages.dev/
Last updated: 2026-04-03