# exdous.framer.ai — MALICIOUS

> Stay safe from crypto theft. The phishing domain exdous.framer.ai impersonates Exodus Wallet to steal your assets. Avoid this site now.

## Summary
PhishDestroy identifies exdous.framer.ai as a high-risk crypto drainer phishing domain targeting users of the Exodus Wallet. This fraudulent site aims to deceive victims by mimicking the legitimate Exodus Web3 Wallet interface, putting users' digital assets in severe jeopardy.

The phishing campaign operates by impersonating the official Exodus Wallet platform, luring users to enter sensitive credentials or private keys. Once compromised, attackers can drain cryptocurrency funds directly from victims' wallets. The domain was flagged by multiple security vendors and appears on three major blocklists before being taken offline.

Users are advised to avoid the exdous.framer.ai domain entirely. Always verify website URLs carefully and access wallets through official channels or trusted apps. If you suspect exposure to this phishing attempt, immediately change wallet credentials and consider transferring funds to a secure wallet. Staying vigilant protects your crypto assets from theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Exodus Wallet
- Page title: Exodus Web3 Wallet – Your Gateway to Web3 & DeFi™

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2028-01-05 00:00:00
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 35.71.142.77
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["ns-1902.awsdns-45.co.uk", "ns-635.awsdns-15.net", "ns-1198.awsdns-21.org", "ns-114.awsdns-14.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "Cluster25", "CRDF", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "Lionic", "Sophos", "Trustwave", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c0d1e-c0a5-7338-8cdd-5fda68646df2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0d09a804-c6a3-47c7-b82a-1d8634edaffe
- Wayback Machine: https://web.archive.org/web/https://exdous.framer.ai
- PhishDestroy: https://phishdestroy.io/domain/exdous.framer.ai/
- LLM endpoint: https://phishdestroy.io/domain/exdous.framer.ai/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exdous.framer.ai/
Last updated: 2026-03-19