# exxods.pages.dev — MALICIOUS

> exxods.pages.dev is under investigation for phishing activity. Avoid interacting with this domain to protect your personal data and accounts.

## Summary
PhishDestroy identifies exxods.pages.dev as a potentially malicious domain involved in generic phishing activity. Currently classified as under investigation, this domain has been flagged due to suspicious usage patterns consistent with phishing campaigns targeting unsuspecting users.

Technically, exxods.pages.dev is registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3. Despite no detections from VirusTotal’s 95 security vendors, the domain’s registration via a privacy-focused platform and its hosting infrastructure raise concerns. The Cloudflare-hosted page title, “Suspected phishing site,” further supports ongoing scrutiny.

This phishing threat remains active and under analysis by threat intelligence teams. Users are advised to avoid visiting or interacting with exxods.pages.dev until further notice. PhishDestroy continues monitoring for new indicators and will update the status as more information becomes available.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-09 13:07:02
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: jobs.ns.cloudflare.com opal.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd26d-8d85-761d-aade-69d419e4a7fa.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/26ab6b10-68da-45ff-840b-65784f8e4469
- PhishDestroy: https://phishdestroy.io/domain/exxods.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exxods.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exxods.pages.dev/
Last updated: 2026-03-19