# ex-x-duses.pages.dev — SUSPICIOUS

> ex-x-duses.pages.dev is flagged for phishing scams mimicking DocuSign logins. VirusTotal detects 2/95 security vendors. Check the full report.

## Summary
PhishDestroy identifies ex-x-duses.pages.dev as an active phishing domain posing as a DocuSign login portal, designed to deceive users into entering credentials. This domain utilizes Cloudflare’s infrastructure and is hosted on IP address 188.114.96.3 under a Google Trust Services SSL certificate, creating a deceptive appearance of legitimacy. VirusTotal analysis confirms 2 out of 95 security vendors have flagged this domain as malicious, indicating a low but concerning detection rate among industry tools.

The domain was registered through Cloudflare, Inc., leveraging the platform’s anonymity and rapid deployment capabilities to evade immediate takedowns. While specific creation timestamps are not disclosed, the combination of low detection rate and Cloudflare’s use suggests this phishing campaign is actively targeting users with urgency-based lures, such as falsified document signing notifications. Blocklists likely contain this domain, though the exact count remains unpublished, reinforcing the need for heightened scrutiny.

Users who accessed ex-x-duses.pages.dev should immediately check their accounts for unauthorized activity, especially if any credentials were entered. Avoid reusing passwords across services and enable two-factor authentication where available. Report the domain to your email provider and browser as a phishing site. Do not interact further. Use trusted DocuSign portals only by typing the official URL directly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0bccfe76-bda2-4ea6-9103-37bc7447e634
- PhishDestroy: https://phishdestroy.io/domain/ex-x-duses.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ex-x-duses.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ex-x-duses.pages.dev/
Last updated: 2026-03-23