# exoxdusweb-docs.pages.dev — SUSPICIOUS

> exoxdusweb-docs.pages.dev hosts a counterfeit document phishing page with 0/95 VT detections. Check the full report.

## Summary
PhishDestroy identifies exoxdusweb-docs.pages.dev as an active document-themed phishing domain leveraging a forged document lure. The infrastructure mimics legitimate cloud storage (Cloudflare Pages), deploying a generic phishing kit to harvest credentials under the guise of sharing documents. No specific brand is mimicked in this campaign, suggesting opportunistic targeting rather than high-value impersonation. The phishing page is hosted on Cloudflare Pages, obscuring the true origin while leveraging Google Trust Services SSL certificates to appear benign. Initial analysis indicates this is part of a broader campaign using dynamic subdomains to evade detection.


Technical indicators confirm the domain resolves to 172.66.45.23 and registered via Cloudflare, Inc., with VirusTotal currently scoring 0/95 detections. The SSL certificate is issued by Google Trust Services, while no presence is detected in Google Safe Browsing. This domain remains unblocked by major threat intelligence platforms, presenting a significant window for exploitation. The domain's recent creation and clean reputation underscore the stealthy nature of this threat, requiring proactive hunting to prevent victimization.


Current status remains active as the domain continues to operate undetected. Immediate response includes flagging the domain for takedown via Cloudflare Trust & Safety and updating network blocklists to prevent access. Remaining risk is assessed as high due to its undetected status and potential for widespread credential harvesting. Users are advised to avoid accessing this domain and report any observed phishing activity. Further forensic analysis is ongoing to identify additional infrastructure and potential victims.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.23

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5913fdfe-bfb0-48f0-ae8d-3fb2901314fe
- PhishDestroy: https://phishdestroy.io/domain/exoxdusweb-docs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exoxdusweb-docs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exoxdusweb-docs.pages.dev/
Last updated: 2026-03-21