Cloudflare Pages “Continue Read” Redirect Kit Exploited for Phishing, Adware, and Malware Delivery

A malicious campaign is exploiting Cloudflare Pages (domain pages[.]dev) to host seemingly legitimate SEO blogs. These pages display a delayed modal "Continue Read" which, when clicked, redirects users to a centralized redirection system. This system conditionally routes traffic to phishing pages, adware/PUP installers, fake browser download lures, or social engineering attacks via QR code.