# en-s-exedos.pages.dev — SUSPICIOUS

> en-s-exedos.pages.dev poses as a fake service in a brand impersonation scam. Flagged by 0 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies en-s-exedos.pages.dev as an active brand impersonation scam site currently under investigation for credential theft activities. The domain leverages Cloudflare Pages hosting to mimic legitimate services, deceiving users into surrendering sensitive login credentials. This threat remains active and is being tracked under unique seed 887e56 for rapid takedown coordination.  

This domain was flagged by 0 of 95 VirusTotal vendors, indicating it has not yet been widely detected despite its malicious intent. The domain is registered through Cloudflare, Inc., resolving to IP address 172.66.44.232 and secured with a Google Trust Services SSL certificate. While creation details remain unverified in public records, the absence of VirusTotal detections suggests either a newly deployed campaign or one carefully evading signature-based detection mechanisms. Current trust scores and additional blocklist data remain unavailable at this time.  

Given the confirmed active status, users are strongly advised to avoid interaction with en-s-exedos.pages.dev and report any encountered credentials submitted to this domain. Organizations should implement DNS filtering to block access to 172.66.44.232 and monitor for associated IOCs in network traffic. Immediate takedown requests should be submitted to Cloudflare Trust & Safety using the domain and IP as evidence. The public is urged to verify URLs through official channels before entering any credentials or sensitive data.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.232

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cfa2265a-f599-4d96-a67c-4fc3132724c2
- PhishDestroy: https://phishdestroy.io/domain/en-s-exedos.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-s-exedos.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-s-exedos.pages.dev/
Last updated: 2026-03-27