# home--exo--x-en.pages.dev — SUSPICIOUS

> PhishDestroy identifies home--exo--x-en.pages.dev as a crypto drainer phishing page. VT score: 3/95. Check the full report.

## Summary
PhishDestroy identifies home--exo--x-en.pages.dev as an active generic phishing domain leveraging a crypto exchange drainer kit to harvest credentials and cryptocurrency. The domain mimics legitimate cryptocurrency exchange login interfaces to deceive users into entering sensitive wallet information or authentication credentials. This page is part of a broader campaign targeting users via deceptive links distributed through phishing emails, social media messages, or spoofed websites. The threat actor behind this campaign employs a drainer script embedded within the page to siphon cryptocurrency from victims' wallets upon unauthorized access.

This domain was flagged by PhishDestroy with an elevated risk classification. VirusTotal analysis shows a detection ratio of 3/95 security vendors, indicating limited but present recognition of its malicious nature. The domain is registered through Cloudflare, Inc., and resolves to IP address 188.114.97.3. It operates under a Google Trust Services SSL certificate, which may be used to lend an air of legitimacy. The domain is hosted on Cloudflare Pages, a platform often exploited by threat actors for quick deployment and evasion of takedown efforts. Google Safe Browsing (GSB) has not yet flagged this domain, and further blocklist checks reveal no immediate listings in major threat intelligence platforms. The domain's age and creation date remain unverified in open-source intelligence, suggesting recent deployment as part of an ongoing campaign.

As of the latest assessment, the domain remains active and accessible, with no confirmed takedown actions by hosting providers or law enforcement. Users and organizations are advised to avoid interacting with this domain and to report any encounters to their security teams or via PhishDestroy's reporting tools. The elevated risk level indicates a moderate threat potential, particularly for users with cryptocurrency holdings or those accustomed to logging into financial platforms. To mitigate exposure, security teams should implement network-level blocking of the IP address and domain, and users should verify website authenticity through official channels before entering sensitive information. The remaining risk is elevated due to the domain's active status and the potential for further campaign expansion.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2628f48b-709d-4e07-9cee-805fe8c4c14e
- PhishDestroy: https://phishdestroy.io/domain/home--exo--x-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/home--exo--x-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/home--exo--x-en.pages.dev/
Last updated: 2026-03-22