# io-exodus-login.pages.dev — MALICIOUS

> io-exodus-login.pages.dev used for credential phishing. Learn why it’s dangerous and what actions to take to protect your accounts.

## Summary
PhishDestroy identifies io-exodus-login.pages.dev as a high-risk credential phishing domain designed to steal user login details. This type of threat is particularly dangerous as it can lead to unauthorized access to personal and financial accounts, posing serious security and privacy risks.

The domain was registered on February 21, 2026, through Cloudflare, Inc., and has been flagged by multiple security vendors and blocklists before being taken offline. Hosting on a pages.dev subdomain suggests abuse of legitimate cloud infrastructure to lend false credibility and bypass filters.

Users should avoid interacting with this domain or submitting any information if encountered. It is recommended to verify URLs carefully, enable multi-factor authentication wherever possible, and report suspicious sites to relevant security services. Staying vigilant is crucial to prevent credential theft and maintain account security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Exodus
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.94
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["opal.ns.cloudflare.com", "craig.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Ermes", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccd58-010c-721f-bf59-c7ef67cbdb4b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f3314c36-4efa-4d63-b8a2-e66ac930fcda
- PhishDestroy: https://phishdestroy.io/domain/io-exodus-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-exodus-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-exodus-login.pages.dev/
Last updated: 2026-03-19