# e--xosdeus-web.pages.dev — SUSPICIOUS

> PhishDestroy flags e--xosdeus-web.pages.dev as a live crypto drainer with 0/95 VirusTotal detections. Do not connect wallets or enter private keys.

## Summary
PhishDestroy identifies e--xosdeus-web.pages.dev as an active crypto-draining phishing page that attempts to trick visitors into connecting a cryptocurrency wallet and signing malicious transactions. The site masquerades as a legitimate web portal but is engineered to drain funds by tricking users into approving token transfers or approving malicious smart-contract calls. Because the page loads a wallet-connect interface immediately, any approval or signature can lead to irreversible asset loss without additional confirmation.  

This domain was flagged by PhishDestroy’s automated pipeline on seed ce0110. The infrastructure is hosted on Cloudflare Pages (172.66.44.91) behind a Google Trust Services SSL certificate. VirusTotal currently shows 0 engines detecting the page (0/95), indicating it remains under the radar of most antivirus vendors. The domain was registered through Cloudflare, Inc. and went live within the last 48 hours, suggesting a fast-turnaround campaign aimed at catching users off-guard before detection services catch up.  

If you visited e--xosdeus-web.pages.dev, do not connect any wallet or sign any transactions. Disconnect immediately, revoke any unauthorized approvals via your wallet’s built-in revoke tools (e.g., revoke.cash), and move remaining assets to a fresh wallet with a new seed phrase. Report the domain to PhishDestroy’s real-time feed so others are warned, and scan your device for any lingering malware that may have been dropped during the visit.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.91

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f102951c-f294-4614-84ed-9851a8533960
- PhishDestroy: https://phishdestroy.io/domain/e--xosdeus-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/e--xosdeus-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/e--xosdeus-web.pages.dev/
Last updated: 2026-03-24