# exxodus-en-web.pages.dev — MALICIOUS

> exxodus-en-web.pages.dev hosts a crypto drainer targeting wallet credentials. VirusTotal flags this domain with 5/95 detections. Block now to protect assets.

## Summary
PhishDestroy identifies exxodus-en-web.pages.dev as an active crypto drainer impersonating legitimate platforms to siphon cryptocurrency from unsuspecting users. This domain poses an elevated risk due to its deceptive nature, specifically designed to steal wallet credentials and drain digital assets. The threat actor leverages Cloudflare’s infrastructure to host a convincing replica of a well-known service, tricking victims into connecting their wallets and authorizing fraudulent transactions.  This domain was flagged by 5 out of 95 security vendors on VirusTotal, indicating partial but not universal detection. Registered through Cloudflare, Inc., it resolves to IP address 172.66.47.3, which is associated with Cloudflare’s hosting infrastructure. The domain utilizes a Google Trust Services SSL certificate, adding a veneer of legitimacy that could mislead less vigilant users. While specific creation or blocklist data isn’t provided, the low detection ratio suggests it may be newly emerged or strategically evasive.  Mitigation requires immediate action: block the domain exxodus-en-web.pages.dev at the network perimeter and instruct users to avoid interacting with it. If users have already accessed the site, advise them to revoke any wallet connections, transfer assets to a new wallet, and scan for malware. Organizations should update firewall rules, DNS sinkholes, and endpoint protection solutions to include this domain as a known threat. Proactive threat hunting for similar domains may reveal additional infrastructure linked to this campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.3

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d311e0ca-9085-49ce-89d5-64bbefc97ab4
- PhishDestroy: https://phishdestroy.io/domain/exxodus-en-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exxodus-en-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exxodus-en-web.pages.dev/
Last updated: 2026-03-22