# exodus-login-faqs.pages.dev — MALICIOUS

> exodus-login-faqs.pages.dev was flagged for phishing attempts targeting Exodus users. Now offline, learn how to stay safe from brand impersonation scams.

## Summary
PhishDestroy identifies exodus-login-faqs.pages.dev as a high-risk phishing domain impersonating the Exodus brand. This site posed a serious danger by attempting to deceive users into believing they were interacting with the legitimate Exodus platform. Such impersonation can lead to credential theft, financial loss, and compromised personal data.

This phishing scheme worked by mimicking Exodus’s login-related content to lure victims into submitting sensitive information. The domain was newly created in February 2026 and registered through Cloudflare, Inc., which sometimes facilitates quick deployment of fraudulent pages. It was flagged by Google Safe Browsing for social engineering, appeared on multiple security blocklists, and was detected by 14 security vendors on VirusTotal. The site resolved to an IP address associated with Cloudflare, indicating the use of proxy services to mask the attacker’s origin.

If you visited exodus-login-faqs.pages.dev, it is critical to immediately change any passwords or credentials you entered, especially those linked to your Exodus account. Monitor your accounts for unauthorized activity and enable multi-factor authentication where possible. Avoid revisiting suspicious domains and rely on official Exodus channels for login and support. Reporting such sites to your security teams and using updated antivirus and anti-phishing tools can help protect you from similar threats in the future.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Exodus
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.123
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jerry.ns.cloudflare.com", "kira.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd1d0-d4a3-76ec-a785-9f40c23dbbfd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4a39c2d8-3719-4276-8a3d-8b4d2a0d8f5f
- PhishDestroy: https://phishdestroy.io/domain/exodus-login-faqs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exodus-login-faqs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exodus-login-faqs.pages.dev/
Last updated: 2026-03-19