# doc-exdus-web3-1ge.pages.dev — SUSPICIOUS

> PhishDestroy identifies doc-exdus-web3-1ge.pages.dev as a crypto-drainer targeting Web3 users. Zero of 95 VirusTotal engines detect it yet.

## Summary
PhishDestroy has flagged doc-exdus-web3-1ge.pages.dev as an active crypto-draining domain built to steal digital assets from Web3 visitors. The page mimics a legitimate portal to trick users into approving malicious wallet connections, which then silently drain tokens into attacker-controlled addresses. No current antivirus signature covers it—zero detections out of 95 VirusTotal scans—so even updated tools can miss the threat if defenses are not behavior-based. This site exploits trust in familiar “doc-exodus” naming and Cloudflare Pages hosting to appear credible while hosting malicious JavaScript payloads.  Domain records confirm it went live very recently and is already weaponized. The hostname resolves to IP 172.66.44.93 and is registered through Cloudflare, Inc.; it holds a Google Trust Services SSL certificate to further the illusion of legitimacy. Analysis indicates the page was first observed on 2024-06-09 (seed 66909e) and is actively resolving, so the window for exposure remains open until site takedown. Cloudflare has been notified but has not yet suspended the page at time of writing.  If you visited or entered any wallet credentials on this page, disconnect your wallet immediately and revoke any suspicious approvals via tools such as revoke.cash. Clear browser cache and cookies, then scan your system with an updated anti-malware suite. Report the domain to your antivirus vendor and consider rotating exposed private keys or using a dedicated hardware wallet for high-value assets going forward.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.93

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/78c2bf5b-5798-4a7f-a48e-004fe86d969a
- PhishDestroy: https://phishdestroy.io/domain/doc-exdus-web3-1ge.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/doc-exdus-web3-1ge.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doc-exdus-web3-1ge.pages.dev/
Last updated: 2026-03-21