# home-exadua-us.pages.dev — SUSPICIOUS

> home-exadua-us.pages.dev is being investigated for Amazon Gift Card phishing with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies the domain home-exadua-us.pages.dev as an active Amazon Gift Card phishing campaign under investigation. The threat type is generic phishing, with no specific brand or drainer kit explicitly confirmed in current intelligence. The domain is hosted on Cloudflare Pages, leveraging Google Trust Services SSL certificates to appear legitimate. Initial analysis suggests the campaign impersonates Amazon to deceive users into providing gift card details or sensitive information under false pretenses. The infrastructure remains operational, with the domain resolving to IP 172.66.44.230. This investigation is ongoing, and additional indicators may be added as new data emerges from threat intelligence feeds.


Technical indicators for home-exadua-us.pages.dev include a VirusTotal detection score of 0/95, indicating no current blacklisting or signature-based detection across major antivirus engines. The domain was registered through Cloudflare, Inc., a common provider for phishing infrastructure due to its abuse-resistant hosting policies. The domain resolves to IP address 172.66.44.230, which is part of Cloudflare’s IP range and may be shared across multiple legitimate and malicious services. At the time of writing, Google Safe Browsing (GSB) has not flagged this domain, and no public blocklist entries are associated with it. The domain was created recently, though the exact creation date is not disclosed in available records. The lack of detections suggests this campaign is either very new or carefully crafted to evade initial scrutiny.


The current status of home-exadua-us.pages.dev is active, with the phishing campaign operational and no confirmed takedown actions initiated. PhishDestroy recommends immediate caution when encountering this domain, as it poses a credible threat to users expecting legitimate Amazon services. Security teams and end users should block access to the domain at the network or endpoint level if detected. The remaining risk is classified as 'under_investigation,' meaning further analysis is required to determine the full scope of the campaign, including potential data exfiltration mechanisms or additional malicious domains. Users are advised to report any interactions with this domain to their security teams or through PhishDestroy’s submission portal for further analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.230

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a887793f-84d9-40c4-9597-3961cb6aeabb
- PhishDestroy: https://phishdestroy.io/domain/home-exadua-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/home-exadua-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/home-exadua-us.pages.dev/
Last updated: 2026-03-21