# rexax.pages.dev — SUSPICIOUS > PhishDestroy identifies rexax.pages.dev as a live DocuSign invoice phishing site (0/95 VT detections). Check the full report to learn how to stay safe. ## Summary PhishDestroy has flagged rexax.pages.dev as an active phishing domain designed to impersonate DocuSign, a leading e-signature platform. This site lures victims with fraudulent invoice notifications, tricking them into downloading malware or surrendering login credentials. Attackers exploit the trust associated with DocuSign to bypass email filters and social engineering defenses. If you receive an unexpected invoice or document request from an unknown sender, treat it as suspicious until verified through official channels. This domain was flagged by PhishDestroy after resolving to IP 172.66.46.230 and was found to have zero detections out of 95 VirusTotal scans. Registered through Cloudflare, Inc., rexax.pages.dev leverages a Let’s Encrypt SSL certificate to appear legitimate. The domain is hosted on Cloudflare Pages, a platform often abused by threat actors to rapidly deploy phishing kits. Threat intelligence indicates that this domain may have been created recently, with no prior history in security databases, suggesting it is part of a short-lived campaign to evade detection. If you visited rexax.pages.dev or received a suspicious email referencing this domain, do not enter any personal or financial information. Disconnect from the site immediately and scan your device for malware using a trusted security tool. Report the incident to your email provider and consider enabling multi-factor authentication (MFA) on accounts that may have been exposed. For organizations, block the domain and IP at the firewall level. Stay vigilant and verify unexpected requests directly with the sender through official contact methods. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.230 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/rexax.pages.dev - PhishDestroy: https://phishdestroy.io/domain/rexax.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/rexax.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rexax.pages.dev/ Last updated: 2026-04-03