# internal-rdpfix.pages.dev — MALICIOUS

> internal-rdpfix.pages.dev is a high-risk phishing domain. Avoid interaction; the site is now offline following multiple security detections.

## Summary

PhishDestroy identifies internal-rdpfix.pages.dev as a high-risk generic phishing domain targeting users with deceptive tactics. The domain was registered recently, on February 21, 2026, and has been flagged across several security blocklists for suspicious activity consistent with phishing campaigns.

The domain was registered through Cloudflare, Inc. and appeared on three notable security blocklists. VirusTotal analysis shows 15 out of 95 security vendors flagged this domain for malicious behavior. These indicators suggest the domain was used to impersonate legitimate services to harvest sensitive user credentials or deploy fraudulent schemes.

Currently, internal-rdpfix.pages.dev is offline, reflecting a timely takedown possibly coordinated by security teams or hosting providers in response to threat intelligence. Users are strongly advised to avoid visiting or interacting with this domain to prevent exposure to phishing risks.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.149
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["serenity.ns.cloudflare.com", "nash.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 15 vendors flagged
  - Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019bb96b-84d8-71b9-8d98-da5361b2e376.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8832fba3-0acd-4ec0-858b-5fb96862321f
- PhishDestroy: https://phishdestroy.io/domain/internal-rdpfix.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/internal-rdpfix.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/internal-rdpfix.pages.dev/

Last updated: 2026-03-19