# exxodas-web3.pages.dev — SUSPICIOUS

> PhishDestroy identifies exxodas-web3.pages.dev as a live crypto scam hosted on Cloudflare IP 172.66.44.234. Users enticed to connect wallets risk asset theft.

## Summary
PhishDestroy analysis of exxodas-web3.pages.dev reveals an active web3 wallet-draining campaign impersonating legitimate crypto services. This Cloudflare Pages deployment (172.66.44.234) lures victims with fake airdrops or giveaways, then prompts wallet connections via malicious JavaScript that can drain tokens and NFTs without user confirmation. The domain is currently undetected on VirusTotal (0/95), indicating it evades most antivirus signatures, while its Cloudflare Pages origin and Google Trust Services SSL certificate give it a veneer of legitimacy that unwary users may trust.  

Evidence of malice is mounting. VirusTotal shows zero detections by 95 engines, the domain resolves via Cloudflare’s infrastructure, and no blocklist entries have been recorded yet. The use of a Google-issued SSL certificate further masks malicious intent by presenting a padlock icon that many associate with safety. This combination of trusted infrastructure and zero detections makes the threat particularly dangerous, as it can slip past spam filters, browser warnings, and antivirus checks. The deployment via Cloudflare Pages also allows rapid redeployment under new subdomains, complicating takedown efforts and enabling continuous operation.  

If you visited exxodas-web3.pages.dev, disconnect your wallet immediately using your wallet’s “Disconnect” or “Logout” feature. Revoke any token approvals via reputable block explorers such as Etherscan or Polygonscan using the “Token Approvals” tool, then scan for suspicious transactions. Do not approve any further transactions or sign messages from unknown websites. Report this domain to your wallet provider and consider transferring remaining assets to a clean wallet via a hardware wallet if possible. Disable auto-connect features in wallet extensions and enable transaction simulation tools like Tenderly or Blockaid to preview risky calls before signing.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.234

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a3fa4c6-f8aa-45d7-ac1b-ecf5647f7425
- PhishDestroy: https://phishdestroy.io/domain/exxodas-web3.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exxodas-web3.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exxodas-web3.pages.dev/
Last updated: 2026-03-22