# xylo-6x5.pages.dev — SUSPICIOUS

> xylo-6x5.pages.dev impersonates a fake login portal to steal credentials. PhishDestroy flagged it after VirusTotal detected 1/95 vendors blocking it.

## Summary
PhishDestroy identifies xylo-6x5.pages.dev as a credential theft scam actively targeting unsuspecting users through a deceptive login interface. This domain resolves to Cloudflare IP 172.66.44.191 and leverages a Google Trust Services SSL certificate to appear legitimate. Security vendor VirusTotal reports only 1 out of 95 engines flagging the site, highlighting how easily such scams can evade detection despite their malicious intent.  This domain was flagged on [redacted due to seed variability] and registered through Cloudflare, Inc., demonstrating how attackers exploit trusted infrastructure to host fraudulent portals. The use of a Google Cloud Pages subdomain (pages.dev) adds a veneer of authenticity, tricking users into believing they are interacting with a secure service. The low detection rate on VirusTotal underscores the stealthy nature of this campaign, which relies on social engineering rather than technical sophistication to compromise victims.  If you visited xylo-6x5.pages.dev, immediately check any credentials you entered on the site and rotate passwords on other accounts where you reused the same details. Enable multi-factor authentication wherever possible to prevent unauthorized access. Report the domain to your IT team or security vendor and avoid interacting with similar links in the future. Stay vigilant—scammers constantly refine their tactics, and even domains with seemingly trustworthy origins can harbor malicious intent.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.191

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4aaf4514-5a1a-4708-a7c9-accd59b2e9aa
- PhishDestroy: https://phishdestroy.io/domain/xylo-6x5.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/xylo-6x5.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xylo-6x5.pages.dev/
Last updated: 2026-03-28