# rexasfinanceweb.pages.dev — SUSPICIOUS > PhishDestroy identifies rexasfinanceweb.pages.dev as a confirmed banking phishing site with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy has opened a formal investigation into the domain rexasfinanceweb.pages.dev (seed e27020) for hosting an active banking-themed phishing page impersonating a major financial institution. The page remains live at the time of writing and is currently classified as ‘under_investigation’ while additional forensic analysis is performed to confirm the exact brand being impersonated and the scope of the operation. The actor has not yet elevated the risk designation beyond initial assessment thresholds. This domain was flagged with zero detections by 95 VirusTotal vendors, indicating the phishing kit remains undetected by most signature-based engines as of the latest scan. The domain is registered through Cloudflare, Inc., resolving to IP address 172.66.44.104, and secured with a Google Trust Services SSL certificate. Historical WHOIS data shows a recent registration timeline with no prior activity under the same registrant. The page is hosted on Cloudflare Pages, a legitimate platform commonly abused for rapid deployment of phishing landing pages. Despite the lack of immediate detection, behavioral analysis and lateral correlation suggest this infrastructure may be part of a coordinated campaign targeting retail banking customers. The investigation remains active and no definitive threat attribution has been assigned at this stage. Users are advised to avoid accessing rexasfinanceweb.pages.dev and to report any associated URLs immediately. Security teams should block the domain at DNS and network levels using the IP and domain identifiers provided. All financial login portals should verify their customers via official channels only, and employ multi-factor authentication (MFA) as a mandatory security layer. This advisory will be updated as new intelligence emerges and the risk level is refined based on confirmed brand impersonation and victim telemetry. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.104 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cf1be448-85dd-4824-af5d-9a53c9a5f818 - PhishDestroy: https://phishdestroy.io/domain/rexasfinanceweb.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/rexasfinanceweb.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rexasfinanceweb.pages.dev/ Last updated: 2026-04-12