# exo-dsus-doc.pages.dev — SUSPICIOUS

> PhishDestroy identifies exo-dsus-doc.pages.dev as an active credential-harvesting page hosted on Cloudflare Pages. 1/95 VirusTotal detections.

## Summary
PhishDestroy analysts have identified an active credential-harvesting page hosted at exo-dsus-doc.pages.dev that mimics a legitimate document-sharing portal to steal user login details.  This domain was flagged by PhishDestroy on 2024-05-28 and shows only 1 out of 95 VirusTotal security vendors detecting its malicious nature as of the same day. It is registered through Cloudflare, Inc. and resolves to IP 172.66.47.197, a Cloudflare edge node in the Pages.dev network. The site serves a self-signed SSL certificate issued by Google Trust Services, giving it a false veneer of legitimacy.  If you visited this page or entered any information, immediately change the password on that account and enable multi-factor authentication. Scan your device with updated antivirus software and monitor financial accounts for unusual activity. Report the domain to your IT security team or to PhishDestroy to help block further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.197

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/52c07e26-b569-48e9-b00b-6ed7910cba26
- PhishDestroy: https://phishdestroy.io/domain/exo-dsus-doc.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exo-dsus-doc.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exo-dsus-doc.pages.dev/
Last updated: 2026-03-21