# phaexnt.info — SUSPICIOUS

> Be alert: phaexnt.info is an ACTIVE crypto drainer phishing site flagged by 2 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies phaexnt.info as an active fake login phishing domain impersonating a major brand’s authentication portal to harvest login credentials and session tokens. The campaign is currently live and distributing malicious links via targeted emails and social engineering tactics. This domain was first registered on March 23, 2026, and has since been associated with active phishing operations designed to deceive users into surrendering sensitive account credentials.  PhishDestroy confirms that phaexnt.info has been flagged by 2 of 95 VirusTotal security vendors and appears on one external blocklist. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com and resolves to IP address 162.241.85.94. The site is secured with a Let’s Encrypt SSL certificate, a common tactic used to enhance perceived legitimacy. Despite its recent registration date, the domain exhibits behavioral patterns consistent with credential harvesting operations.  This domain is actively blocked by InversionDNS and remains classified as an elevated threat due to the likelihood of credential compromise. Users are strongly advised to avoid interacting with phaexnt.info and verify any suspicious links using PhishDestroy’s real-time scanner. Organizations should update network blocklists to include this domain and its associated IP (162.241.85.94) to prevent accidental exposure. If credentials have already been entered, users should immediately rotate passwords, enable multifactor authentication, and monitor accounts for suspicious activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 17:33:49
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 162.241.85.94

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f8b8dd6a-d854-45e6-8ea4-71bf27ec24bb
- PhishDestroy: https://phishdestroy.io/domain/phaexnt.info/
- LLM endpoint: https://phishdestroy.io/domain/phaexnt.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phaexnt.info/
Last updated: 2026-03-26