# doc-exoduswebs.pages.dev — SUSPICIOUS

> Warning: doc-exoduswebs.pages.dev is a low-risk phishing domain impersonating Exodus. Avoid interaction and report suspicious activity immediately.

## Summary
PhishDestroy identifies doc-exoduswebs.pages.dev as an active domain involved in brand impersonation targeting Exodus users. Despite a low overall risk level, the site aims to deceive visitors by mimicking the Exodus brand, potentially leading to credential theft or other fraudulent activities. This domain presents a subtle threat due to its early-stage detection and resemblance to legitimate services.

The domain was registered on March 12, 2026, and resolves to the IP address 172.66.46.222. It currently appears on two recognized security blocklists, with a minor detection rate from VirusTotal (2 out of 95 vendors). The site's page title, "Suspected phishing site | Cloudflare," suggests hosting behind a common content delivery network, which may complicate mitigation efforts. The infrastructure indicates an attempt to leverage trusted platforms to lend credibility to the phishing attempt.

As of now, the domain remains active and continues to pose a potential threat to Exodus users. PhishDestroy recommends immediate blocking of this domain at network and endpoint levels, along with user education to avoid interacting with suspicious URLs. Security teams should monitor for related phishing campaigns and report any new activity to threat intelligence platforms for ongoing tracking.

## Threat Details
- Verdict: SUSPICIOUS
- Site status:  (HTTP ?)
- Target brand: Exodus
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- IP: 172.66.46.222
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["addyson.ns.cloudflare.com", "sam.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "LevelBlue"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce68c-bcbf-70ef-bb13-c383c8b0b8fa.png
- PhishDestroy: https://phishdestroy.io/domain/doc-exoduswebs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/doc-exoduswebs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doc-exoduswebs.pages.dev/
Last updated: 2026-03-19