# official-exo-io.pages.dev — SUSPICIOUS

> official-exo-io.pages.dev is a crypto drainer site flagged by 3 of 95 VirusTotal vendors. Avoid interactions to prevent credential and asset theft.

## Summary

PhishDestroy identifies official-exo-io.pages.dev as hosting an active crypto drainer campaign. This domain is currently live and engaged in malicious activity targeting cryptocurrency users. The threat involves the unauthorized extraction of wallet credentials and digital assets through deceptive web interfaces designed to mimic legitimate crypto service providers. Users accessing this domain risk irreversible financial loss due to fraudulent transaction approvals and private key compromise. Immediate avoidance and reporting are strongly advised to prevent exposure.

This domain was flagged by 3 of 95 VirusTotal security vendors, indicating limited but confirmed detection across the threat intelligence landscape. It resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, providing false legitimacy to unsuspecting visitors. While the domain's creation date is not disclosed in available records, its recent operational status confirms active deployment within the current threat landscape. The low VirusTotal detection rate suggests this campaign may leverage evasion techniques or recent infrastructure deployment to bypass traditional defenses. The discrepancy between the SSL trust provider and the malicious intent underscores the sophistication of modern phishing operations.

This domain is classified with an elevated risk level and remains active as of the latest intelligence update. The primary threat involves credential theft and unauthorized cryptocurrency transactions, facilitated through a fraudulent interface designed to deceive users into connecting their digital wallets. Due to the irreversible nature of blockchain transactions, users who interact with this domain risk permanent financial loss. It is critical to block this domain at the network and endpoint levels and to disseminate this intelligence across security teams and user communities. Additionally, users should verify the authenticity of crypto-related domains through official channels and utilize hardware wallets for transaction signing. Security teams are advised to monitor for connections to IP 188.114.96.3 and associated network artifacts. Immediate action includes updating firewall rules, email filters, and threat intelligence feeds to include this domain and its infrastructure indicators.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0638e0ab-aa05-4320-afb8-f6d47b4be279
- PhishDestroy: https://phishdestroy.io/domain/official-exo-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/official-exo-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/official-exo-io.pages.dev/

Last updated: 2026-03-22