# officials--exo-us.pages.dev — SUSPICIOUS

> officials--exo-us.pages.dev hosts a brand impersonation scam exploiting 'Exodus' crypto wallet credentials. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy identifies officials--exo-us.pages.dev as an active brand impersonation scam targeting users of the Exodus cryptocurrency wallet. The domain leverages a fraudulent Exodus login portal to harvest credentials and drain crypto assets. The page is hosted on a Cloudflare Pages subdomain, indicating an attempt to appear legitimate while concealing infrastructure ties to known phishing toolkits.

This domain exhibits the following technical indicators: it resolves to IP 188.114.97.3, is registered through Cloudflare, Inc., and uses a Google Trust Services SSL certificate. VirusTotal currently shows 0/95 detection engines flagging the domain, and the site remains unlisted on Google Safe Browsing (GSB) as of initial analysis. The domain was created recently and has not yet accumulated significant blocklist presence, suggesting early-stage deployment.

The campaign is actively live and remains under investigation. Immediate actions include domain blocking at DNS/network levels, user advisories for wallet credential validation, and submission to threat intelligence feeds to increase detection coverage. Remaining risk is high due to low detection rates and active credential harvesting. Users are advised to verify URLs manually and avoid entering sensitive information on unofficial domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7dc90771-f7b0-49ba-a8a9-abb90cc3b2d0
- PhishDestroy: https://phishdestroy.io/domain/officials--exo-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/officials--exo-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/officials--exo-us.pages.dev/
Last updated: 2026-03-21