# paypalsupport.pages.dev — MALICIOUS > paypalsupport.pages.dev conducts PayPal brand impersonation phishing with 11/95 VT detections. Check the full report for detailed threat analysis. ## Summary The domain paypalsupport.pages.dev has been identified as an active threat engaging in brand impersonation targeting the PayPal service. This domain is used in a sophisticated phishing campaign designed to deceive users into believing they are interacting with a legitimate PayPal support site. While no specific drainer kit has been explicitly linked to this domain, the impersonation tactic strongly suggests credential harvesting or financial fraud as the end goal. Technical analysis reveals that paypalsupport.pages.dev holds an SSL certificate issued by Google Trust Services, which could lend false credibility to unsuspecting victims. The domain resolves to the IP address 188.114.97.3 and is registered through Cloudflare, Inc. According to VirusTotal data, 11 out of 95 security vendors have flagged this domain, underscoring its malicious nature. The domain's creation date is not specified here, but it remains active and is not currently flagged by Google Safe Browsing (GSB) or widely blocklisted, which increases its potential risk to end users. Currently, paypalsupport.pages.dev is active and continues to pose an elevated risk due to its ability to convincingly impersonate PayPal. Response actions should include blocking access to this domain at network and endpoint security levels and educating users about the risk of such brand impersonation scams. Users encountering this domain should avoid submitting personal or financial information, as attackers may capture credentials or payment details. Continuous monitoring is recommended to detect changes in infrastructure or increased detection rates by security vendors. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: PayPal ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 11 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e920b3b3-3d01-4524-ab0d-a565b6d9eebd - PhishDestroy: https://phishdestroy.io/domain/paypalsupport.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/paypalsupport.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/paypalsupport.pages.dev/ Last updated: 2026-03-24