# thedoax.pages.dev — SUSPICIOUS

> The domain thedoax.pages.dev is flagged for phishing. Avoid sharing personal info and do not visit this site to stay safe online.

## Summary
PhishDestroy identifies thedoax.pages.dev as a low-risk phishing domain recently created and currently offline. While the immediate threat is limited due to its offline status, the domain was flagged for social engineering attempts designed to deceive users into revealing sensitive information.

This phishing site used misleading tactics to impersonate a legitimate service, aiming to trick visitors into submitting personal or login details. It was listed on two security blocklists and flagged by Google Safe Browsing for social engineering. The domain was registered through Cloudflare and resolved to IP 188.114.96.3 before being taken offline.

Users who have visited thedoax.pages.dev should avoid entering any credentials or personal information. It is advisable to run a security scan on their devices and monitor accounts for suspicious activity. To stay protected, always verify URLs and avoid sites flagged by security services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-08 19:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: harlee.ns.cloudflare.com langston.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Ermes", "Trustwave"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccea1-8190-7728-af86-ce52e7ef4643.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e17c81b4-ee7f-482e-806b-7e47de7e4870
- Wayback Machine: https://web.archive.org/web/https://thedoax.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/thedoax.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/thedoax.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/thedoax.pages.dev/
Last updated: 2026-03-19