# mail-exodus.com — SUSPICIOUS

> PhishDestroy identifies mail-exodus.com as a live Microsoft 365 phishing domain. 3 of 95 VirusTotal vendors flagged this site. Check the full report.

## Summary
PhishDestroy identifies mail-exodus.com, a live domain actively distributing Microsoft 365 credential phishing lures. The current status is elevated and active as of seed 64a956.  

This domain was flagged by 3 of 95 VirusTotal security vendors, registered through OwnRegistrar, Inc., and resolves to IP 103.224.182.252. The domain was created on March 11, 2025, and currently shows no presence on major public blocklists while maintaining low trust scores across multiple engines.  

Current status remains elevated and active; no takedown actions have been recorded. Immediate recommendations include blocking the domain and IP at network perimeter, flagging emails referencing this domain for quarantine, and updating browser blocklists. Users should avoid clicking links or entering credentials on mail-exodus.com and report any encounters to their security team for forensic review under seed 64a956.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-03-11 14:50:45
- Registrar: OwnRegistrar, Inc.
- IP: 103.224.182.252

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2dedd3b3-568c-4ae6-a540-34c39cf55acd
- PhishDestroy: https://phishdestroy.io/domain/mail-exodus.com/
- LLM endpoint: https://phishdestroy.io/domain/mail-exodus.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mail-exodus.com/
Last updated: 2026-03-22