# wlfi-sales.pages.dev — SUSPICIOUS

> wlfi-sales.pages.dev is a Microsoft 365 credential phishing site with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies wlfi-sales.pages.dev as an active Microsoft 365 credential phishing domain designed to harvest enterprise login credentials through deceptive login prompts. This domain mimics legitimate Microsoft or Office 365 authentication portals, tricking users into entering their corporate email and password under false pretenses such as 'account verification' or 'security update required.' The threat is particularly dangerous in business environments where compromised credentials can lead to email account takeovers, data breaches, or lateral movement within corporate networks.  This domain was flagged for suspicious behavior and is currently under investigation. It resolves to IP address 188.114.97.3 and shows zero detections out of 95 VirusTotal scanners as of the last scan. Registered through Cloudflare, Inc., this domain leverages Google Trust Services SSL certificates to appear legitimate. The infrastructure shares hosting with other suspicious domains, increasing the risk profile. Users should avoid entering any credentials on this domain.  If you or someone in your organization has visited wlfi-sales.pages.dev, immediately change your Microsoft 365 password using a known-safe device and enable multi-factor authentication if not already active. Scan your device with updated antivirus software and review account activity for unauthorized logins. Report the domain to your IT security team and consider blocking it at the network level. Monitor associated email accounts for unusual activity and enable account alerts for suspicious login attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6fe6a55e-32b5-420e-b884-f342311943f3
- PhishDestroy: https://phishdestroy.io/domain/wlfi-sales.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wlfi-sales.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wlfi-sales.pages.dev/
Last updated: 2026-03-23