# web-axodus.pages.dev — SUSPICIOUS

> web-axodus.pages.dev poses as a legitimate site but is a Google Trust Services phishing scam. Hosted on Cloudflare (IP 172.66.44.

## Summary
PhishDestroy identifies web-axodus.pages.dev as an active phishing domain leveraging Google Trust Services' SSL certificate to deceive users. The domain is registered through Cloudflare, Inc. and resolves to IP address 172.66.44.86, indicating an attempt to exploit Google's trusted infrastructure for credential harvesting. While the threat type is labeled as generic phishing, the use of Google's SSL certificate suggests a targeted impersonation likely aimed at users expecting secure interactions with Google services. No specific drainer kit or branded impersonation has been confirmed, but the generic phishing classification implies a broad, opportunistic attack vector rather than a highly specialized campaign.  

This domain exhibits several technical red flags despite its low VirusTotal detection score of 0/95. Hosted on Cloudflare infrastructure, it benefits from the company's reputation while obscuring its true origin. The domain is registered through Cloudflare, Inc., a common tactic among malicious actors to leverage reputable registrars for obfuscation. Its IP address, 172.66.44.86, is associated with Cloudflare's content delivery network, further complicating attribution. The SSL certificate issued by Google Trust Services adds a layer of legitimacy, potentially tricking users into believing the site is secure. However, the absence of a blocklist presence (0 confirmed detections) and the generic phishing classification suggest this domain is either newly active or employs evasion techniques to avoid detection. The lack of historical data prevents confirmation of its creation date or long-term behavior.  

As of the latest assessment, web-axodus.pages.dev remains active and poses an ongoing threat to unsuspecting users. Google Safe Browsing (GSB) has not flagged this domain, and its detection rate remains at 0/95, indicating a low immediate risk to automated detection systems. However, the use of Google's SSL certificate and Cloudflare's infrastructure highlights a sophisticated approach to phishing that could deceive even cautious users. Immediate action for users includes avoiding interaction with the domain, refraining from entering credentials or personal information, and reporting suspicious activity to relevant authorities. Security teams should monitor this domain closely, as its evasion tactics may evolve. Remaining risk is moderate due to the domain's active status, the exploitation of trusted infrastructure, and the potential for expanded targeting. Users should remain vigilant and verify site legitimacy through direct navigation or official channels before engaging.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.86

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b0c1c3af-79c5-479b-a2b5-2bf6007af989
- PhishDestroy: https://phishdestroy.io/domain/web-axodus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/web-axodus.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web-axodus.pages.dev/
Last updated: 2026-03-23