# fnv3.pages.dev — SUSPICIOUS

> fnv3.pages.dev is a confirmed PayPal credential phishing site. Flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies fnv3.pages.dev as an active PayPal credential phishing domain currently under investigation for fraudulent activity. This domain is explicitly targeting users with deceptive login prompts designed to harvest PayPal account credentials and sensitive financial data. The threat remains active as of the latest assessment, with no resolution or takedown actions confirmed at this time.

This domain was flagged by 0 of 95 VirusTotal security vendors, indicating it has evaded initial detection mechanisms despite its malicious intent. It resolves to IP address 172.66.44.150, registered through Cloudflare, Inc., and secured with a Google Trust Services SSL certificate. Notably, this domain exhibits no current blocklist presence, maintaining a clean reputation score despite its fraudulent nature. The absence of detections on VirusTotal, combined with the use of Cloudflare’s infrastructure, suggests a need for heightened scrutiny from security teams and users alike.

As the threat remains active and under investigation, immediate caution is advised. Users encountering fnv3.pages.dev should avoid interaction and report the domain to relevant authorities, including PayPal’s fraud reporting channels and browser security teams. Security professionals are recommended to monitor this domain for escalation in threat intelligence feeds and consider proactive blocking at the network level to prevent credential theft.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.150

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a6d62ff5-4f83-4432-952c-7200e9763dbb
- PhishDestroy: https://phishdestroy.io/domain/fnv3.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/fnv3.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fnv3.pages.dev/
Last updated: 2026-03-28