# navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev — MALICIOUS

> navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev is a high-risk phishing domain. Avoid interaction and ensure your credentials stay secure.

## Summary
PhishDestroy has identified navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev as a high-risk generic phishing domain designed to deceive users and collect sensitive information. The domain's suspicious nature is corroborated by Google Safe Browsing, which flags it for social engineering activities, indicating attempts to trick users into divulging personal data or credentials.

Technically, the domain was registered on February 21, 2026, through Cloudflare, Inc., and resolves to the IP address 172.66.44.216. VirusTotal analysis shows that 14 out of 95 security vendors flag this domain as malicious, reinforcing its threat potential. It also appears on one security blocklist, further underscoring the risks associated with this domain. The page title detected was "Suspected phishing site | Cloudflare," which aligns with its malicious intent.

Currently, navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev has been taken offline, reducing immediate risk to users. PhishDestroy recommends maintaining vigilance by avoiding any interaction with this domain or similar suspicious URLs. Users should ensure up-to-date security software is in place and report any phishing attempts to their security teams or relevant authorities to prevent credential compromise and data theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.216
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jade.ns.cloudflare.com", "lee.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Netcraft", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cadc0-e785-71f0-a9db-c74daae05887.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/21d1bbdc-edab-46fb-90b1-4bc810d74589
- PhishDestroy: https://phishdestroy.io/domain/navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/navieghrehbgherk-rxauserxezmjmekohryizhsq.pages.dev/
Last updated: 2026-03-19