# thexdexva.pages.dev — MALICIOUS

> thexdexva.pages.dev is a confirmed phishing site with high risk. Avoid interaction as the domain is offline and flagged by security services.

## Summary
PhishDestroy identifies thexdexva.pages.dev as a high-risk phishing domain designed to deceive users and steal sensitive information. The threat type is categorized as generic phishing, indicating attempts to impersonate legitimate services or solicit credentials.

Supporting evidence includes its registration through Cloudflare, Inc., a reputable registrar often used by both legitimate and malicious actors. The domain was created recently on February 21, 2026, which is typical for phishing sites that have a short lifespan. VirusTotal detected suspicious activity from 15 out of 95 security vendors, and the domain appears on at least one security blocklist, further reinforcing its malicious intent. The domain resolves to IP 172.66.45.34 and was taken offline to prevent further harm.

Users are advised to avoid any engagement with thexdexva.pages.dev as its infrastructure has been disabled. PhishDestroy recommends standard precautions such as not clicking suspicious links, verifying domain legitimacy before sharing personal data, and maintaining up-to-date security software. The current offline status significantly mitigates immediate risk, but vigilance remains essential to avoid related phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.34
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dee.ns.cloudflare.com", "rodney.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb1ea-250f-73ac-ae0f-c72783152a03.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3f7701bf-da97-4c97-b4f7-d94b50fb8463
- PhishDestroy: https://phishdestroy.io/domain/thexdexva.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/thexdexva.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/thexdexva.pages.dev/
Last updated: 2026-03-19