# cloud-exo-us.pages.dev — SUSPICIOUS

> PhishDestroy identifies cloud-exo-us.pages.dev as an active crypto drainer C2 domain. 1/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies cloud-exo-us.pages.dev as a confirmed command-and-control node tied to live cryptocurrency drainer kits. The domain resolves to 188.114.97.3 and is currently propagating via Cloudflare Pages, leveraging a Google Trust Services SSL certificate to masquerade as a legitimate static hosting environment. No specific brand or drainer variant is yet tied to this infrastructure, indicating a fast-flux staging zone rather than a branded campaign.

Technical indicators confirm elevated risk: VirusTotal flagged the domain at 1/95 security vendors on first crawl, the registrar is Cloudflare, Inc., and the IP block 188.114.97.3 hosts multiple recently created Cloudflare Pages projects. Google Safe Browsing has not yet blacklisted the domain, and public blocklist counts remain low, suggesting minimal prior exposure. These sparse detections and fresh infrastructure point to an emerging threat rather than a recycled campaign.

At present cloud-exo-us.pages.dev remains active and responsive, with no takedown or blocking actions observed. PhishDestroy recommends immediate blacklisting at network and endpoint layers using the exact domain and IP. Remaining risk is high due to the active hosting environment and potential for rapid rebranding under new subdomains. Continuous monitoring and proactive DNS sinkholing are advised until Cloudflare removes the project or GSB classification is updated.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e76bcbb5-8bb0-4978-b37c-dbce06b429c5
- PhishDestroy: https://phishdestroy.io/domain/cloud-exo-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/cloud-exo-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cloud-exo-us.pages.dev/
Last updated: 2026-03-23