# multi-authsessions.pages.dev — SUSPICIOUS

> multi-authsessions.pages.dev impersonates Microsoft 365 for credential theft, flagged by 0 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies multi-authsessions.pages.dev as an active Microsoft 365 credential harvesting campaign. This domain mimics Microsoft's authentication portal to deceive users into surrendering login credentials, posing a direct threat to corporate and personal Microsoft 365 accounts.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a lack of widespread detection despite active abuse. It resolves to IP 172.66.44.202 through Cloudflare, Inc., utilizing a Let's Encrypt SSL certificate. The domain is hosted on Cloudflare Pages, a legitimate platform abused for phishing deployments, complicating takedown efforts.

Status remains active as of seed 027fc3. Immediate actions include blocking the domain at the network and DNS levels, as well as flagging the IP (172.66.44.202) for egress filtering. Users encountering this domain should report it to Microsoft and their security teams, avoid any interaction, and verify all login pages via official Microsoft domains. Organizations are advised to enforce multi-factor authentication and deploy browser-based phishing detection rules targeting Cloudflare Pages-hosted domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.202

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c7196a0d-9e81-4e95-b0d3-6763f7a07ba4
- PhishDestroy: https://phishdestroy.io/domain/multi-authsessions.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/multi-authsessions.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/multi-authsessions.pages.dev/
Last updated: 2026-04-13