# m336.pages.dev — SUSPICIOUS

> PhishDestroy identifies m336.pages.dev as a Microsoft 365 login phishing page. Resolves to 188.114.97.3 with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies m336.pages.dev as a newly active phishing domain impersonating Microsoft 365 login pages. This domain poses a credential theft risk by tricking users into entering their Microsoft credentials on a fraudulent Cloudflare Pages-hosted site. The threat actor leverages Cloudflare’s infrastructure to obscure hosting origins while using a legitimate Google SSL certificate to appear trustworthy. Users who enter credentials risk immediate account compromise, potential lateral movement within enterprise networks, and exposure of sensitive data stored in Microsoft 365 applications.  This domain was flagged under investigation with a low initial detection score of 0/95 on VirusTotal as of the seed period fa9415, indicating a stealthy and emerging threat. It is registered through Cloudflare, Inc., resolving to IP address 188.114.97.3, which hosts the phishing page disguised as a professional Microsoft service login interface. Despite its clean reputation score, several technical indicators such as URL structure, SSL issuer, and hosting origin suggest malicious intent aimed at harvesting corporate and personal Microsoft account credentials. The use of Cloudflare Pages is a common tactic to bypass traditional web filtering and maintain agility in domain rotation.  If you have visited m336.pages.dev and entered any login credentials, immediately change your Microsoft account password and enable multi-factor authentication (MFA). Review account activity for suspicious logins and revoke any unknown sessions. Organizations should block the domain at the network level and scan endpoints for credential dumping tools. Report any compromised accounts to your IT security team and consider deploying phishing-resistant MFA solutions. Monitor for follow-on attacks such as business email compromise or data exfiltration attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/38070ca8-2c85-41af-b186-420aa23fa05b
- PhishDestroy: https://phishdestroy.io/domain/m336.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/m336.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/m336.pages.dev/
Last updated: 2026-03-26