# ai-9xf.pages.dev — SUSPICIOUS

> ai-9xf.pages.dev is a malicious site impersonating login portals, flagged by 1 of 95 VirusTotal scanners.

## Summary
ai-9xf.pages.dev is a confirmed malicious website engineered to deceive users into surrendering sensitive account credentials through fake login forms. The threat actor behind this domain likely uses social engineering tactics—such as impersonating legitimate services or internal platforms—to trick visitors into entering their usernames, passwords, or multi-factor authentication codes. Once submitted, this stolen data is transmitted to attacker-controlled servers, enabling unauthorized access to personal accounts, corporate networks, or financial systems. The risk is elevated not only because of the active deception but also due to the domain’s use of Cloudflare’s infrastructure, which can mask the true origin and evade basic network-level defenses.  This domain was flagged as malicious by PhishDestroy after VirusTotal analysis confirmed 1 out of 95 security engines detected it as a threat. The site is served through Cloudflare, Inc. (registered via Cloudflare Pages), resolving to IP 172.66.45.35 and protected with a Google Trust Services SSL certificate to appear legitimate. Such configurations are common in phishing campaigns because they leverage trusted domains and encryption to bypass browser warnings and gain user trust. While the certificate itself is valid, it is misused to lend credibility to a fraudulent site.  If you visited ai-9xf.pages.dev, do not enter any login credentials or personal information. Close the tab immediately and clear your browser cache. Change passwords for any accounts you may have accessed using the same login details, and enable multi-factor authentication where available. If you entered sensitive data, monitor your accounts for unusual activity and consider enabling fraud alerts. Report the domain to your IT team or security provider, and avoid reopening the site. Use trusted bookmarks or direct URL entry for sensitive sites to prevent accidental visits to imposters.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.35

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c0a6e3b3-6334-4a6d-9453-156e19d1f62a
- PhishDestroy: https://phishdestroy.io/domain/ai-9xf.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ai-9xf.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ai-9xf.pages.dev/
Last updated: 2026-04-13