# officals-exo-us.pages.dev — SUSPICIOUS

> PhishDestroy flags officals-exo-us.pages.dev as credential theft phishing, 0/95 VirusTotal detections. Act now to block access.

## Summary
PhishDestroy identifies officals-exo-us.pages.dev as an active credential theft domain designed to harvest user login details. The domain mimics official branding, likely targeting crypto or financial service users. No specific drainer kit has been confirmed, but the page structure suggests a fake login portal designed for immediate credential capture and exfiltration. The threat is currently classified as active and under investigation, with no confirmed attribution to a known threat actor group at this time.

Technical indicators for officals-exo-us.pages.dev include a VirusTotal detection score of 0/95, indicating no antivirus or security vendor has flagged the domain as malicious. The domain resolves to IP address 172.66.44.60 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, which may be leveraged to appear legitimate. No creation date is publicly available, and the domain remains unlisted on Google Safe Browsing (GSB) and major blocklists as of the latest scan. The lack of detections suggests either a newly deployed or highly evasive threat.

The domain remains active with a status of 'under_investigation' and poses a moderate but evolving risk. Immediate action is recommended: block the domain at the network and DNS levels, alert users who may have accessed the site, and monitor for associated IP addresses or subdomains. While the current risk is not extreme due to the zero detection rate, the absence of flags increases the potential for successful exploitation. Users should verify URLs manually and avoid entering credentials on untrusted pages.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.60

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c8ad8df0-27a3-45de-a87a-70fc90607ddd
- PhishDestroy: https://phishdestroy.io/domain/officals-exo-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/officals-exo-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/officals-exo-us.pages.dev/
Last updated: 2026-03-21