# mashalaump.pages.dev — SUSPICIOUS

> PhishDestroy flags mashalaump.pages.dev for credential theft phishing. VirusTotal shows 0/95 detections as of seed 062c68. Take action now.

## Summary
PhishDestroy identifies mashalaump.pages.dev as an active credential theft campaign targeting unsuspecting users. The domain leverages a Cloudflare-registered subdomain under pages.dev to host spoofed login portals, aiming to harvest credentials under the guise of legitimate authentication flows. Given its recent registration and lack of detection coverage, this threat exhibits high evasion potential and poses a significant risk to users engaging with untrusted links.  

This domain was flagged with a status of active and a risk level under investigation (seed 062c68). Intelligence confirms VirusTotal detections at 0/95 as of the latest scan, no blocklist inclusions, registration through Cloudflare, Inc., resolution to IP 188.114.97.3 via Let’s Encrypt SSL, and infrastructure hosted on Cloudflare Pages. The subdomain structure and use of a reputable CDN suggest an attempt to bypass traditional security filters by blending into trusted web services.  

Users are advised to immediately block mashalaump.pages.dev at the network level and avoid interacting with any login prompts originating from this domain. Organizations should update email security policies to flag Cloudflare Pages subdomains associated with suspicious keywords or low-reputation domains. For credential theft mitigation, enable multi-factor authentication across all accounts and educate users on verifying domain legitimacy through official channels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/01729887-541a-48ab-bcfd-bf19be3652c0
- PhishDestroy: https://phishdestroy.io/domain/mashalaump.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/mashalaump.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mashalaump.pages.dev/
Last updated: 2026-03-24