# walletapp-exodus.pages.dev — MALICIOUS

> walletapp-exodus.pages.dev impersonates Exodus wallet in a high-risk phishing attempt. Learn how this domain was detected and mitigated.

## Summary
PhishDestroy identifies walletapp-exodus.pages.dev as a high-risk phishing domain impersonating the Exodus brand. The site was designed to deceive users seeking the legitimate Exodus wallet service, aiming to harvest sensitive credentials or financial information. This campaign leveraged brand trust to increase victim engagement, posing significant risk to users familiar with Exodus.

The domain was registered via Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.45.10. It appeared on two distinct security blocklists and was flagged by 14 out of 95 VirusTotal security vendors, signaling widespread recognition of its malicious intent. The page title detected on the domain was "Suspected phishing site | Cloudflare," indicating the hosting provider's identification of the threat. Such infrastructure details emphasize the domain's tactics to capitalize on reputable web services for malicious purposes.

Currently, walletapp-exodus.pages.dev is offline and no longer serving phishing content, mitigating immediate risk. Users are advised to remain vigilant for any similar URLs mimicking Exodus or other trusted brands. It is recommended that users verify domain authenticity before entering credentials, rely on official app stores or verified websites, and maintain up-to-date security solutions. PhishDestroy continues monitoring for potential resurgence or related phishing threats associated with this unique seed bf3b2b.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Exodus
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.10
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["destiny.ns.cloudflare.com", "huxley.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Phishtank", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bec4a-bdc1-7743-9e95-6a232d6ef2d0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d65bf1cd-1f10-455e-a7f5-ff2dc6573b76
- PhishDestroy: https://phishdestroy.io/domain/walletapp-exodus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/walletapp-exodus.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/walletapp-exodus.pages.dev/
Last updated: 2026-03-19