# xurin.pages.dev — SUSPICIOUS

> xurin.pages.dev is a confirmed fake login page phishing domain (VT 1/95). Check the full report for detailed indicators and safety steps.

## Summary
PhishDestroy identifies xurin.pages.dev as an active phishing domain leveraging a fake login page to harvest credentials. This domain mimics legitimate login interfaces, likely targeting unsuspecting users to steal sensitive account information. No specific brand or drainer kit was identified in current intelligence feeds, but the use of a fraudulent login page suggests a credential harvesting campaign aimed at compromising user accounts.


This domain was flagged by 1 out of 95 VirusTotal security vendors, indicating limited but confirmed malicious activity. It is registered through Cloudflare, Inc., resolving to IP 172.66.44.156 with a Google Trust Services SSL certificate. While the exact creation date is not disclosed, the domain’s infrastructure aligns with recent phishing operations using Cloudflare’s Pages service for rapid deployment and evasion of detection.


xurin.pages.dev remains active as of the latest assessment, with no known takedown actions taken. Users and organizations are advised to block this domain at the network level and avoid interaction. The elevated risk stems from its use of legitimate cloud services (Cloudflare, Google Trust Services) to enhance credibility. Remaining risk is moderate due to the domain’s recent deployment and low initial detection rate, but it may escalate as more threat intelligence is gathered. Immediate containment is recommended to prevent potential credential theft.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.156

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5135e5ae-695d-47cb-bcf8-d274d624eb5c
- PhishDestroy: https://phishdestroy.io/domain/xurin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/xurin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xurin.pages.dev/
Last updated: 2026-03-22