# exp--edus-web3.pages.dev — SUSPICIOUS

> exp--edus-web3.pages.dev was flagged for phishing attempts. Learn why it posed risks and its current offline status to stay protected.

## Summary
PhishDestroy identifies exp--edus-web3.pages.dev as a medium-risk generic phishing domain designed to deceive users and harvest sensitive information. The domain was used to impersonate legitimate web services in order to trick victims.

Supporting evidence includes its registration date of March 12, 2026, and its resolution to IP address 188.114.97.3. Although only 3 out of 95 security vendors on VirusTotal flagged this domain, it appears on two security blocklists, further corroborating its suspicious nature. The domain was registered through Cloudflare, Inc. and hosted on their infrastructure, with a page title indicating it was suspected as a phishing site.

Currently, exp--edus-web3.pages.dev is taken offline, mitigating immediate threats to users. PhishDestroy recommends users remain cautious with any suspicious links resembling this domain and keep security software updated. Monitoring blocklists and using reputable threat intelligence sources will help prevent exposure to similar phishing risks in the future.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-12 23:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: hadlee.ns.cloudflare.com thaddeus.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ChainPatrol", "Fortinet", "Phishing Database"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce3f6-b24c-7741-a825-4b346da6e5ef.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/73cea491-1b64-4840-a1e5-a51727833cd4
- PhishDestroy: https://phishdestroy.io/domain/exp--edus-web3.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exp--edus-web3.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exp--edus-web3.pages.dev/
Last updated: 2026-03-19