# web-exuodus.pages.dev — SUSPICIOUS

> PhishDestroy identifies web-exuodus.pages.dev as a fake Exodus wallet site pushing a malicious Windows installer.

## Summary
PhishDestroy identifies web-exuodus.pages.dev as an active, elevated-risk site engaged in a generic phishing campaign designed to impersonate legitimate cryptocurrency wallet services and trick users into surrendering private keys or downloading malicious software.

This domain was flagged by PhishDestroy after one security vendor out of 95 on VirusTotal detected malicious content hosted at web-exuodus.pages.dev. The domain is registered through Cloudflare, Inc., resolving to IP address 188.114.96.3 and secured with a Google Trust Services SSL certificate. Historical records and community blocklists show repeated redirections to counterfeit Exodus wallet download pages, with the campaign leveraging Cloudflare Pages to rapidly deploy fresh subdomains and evade takedown efforts.

Users encountering web-exuodus.pages.dev should immediately cease all interaction, avoid clicking any download buttons, and verify the authenticity of any “Exodus” communications by visiting the official website (exodus.com) using a manually typed URL or trusted bookmark. Because the site uses a valid Google Trust Services certificate, browser warnings will not appear; rely instead on behavioral cues such as mismatched branding, unsolicited links, or requests to download wallet software outside of official channels. Report the domain to your antivirus provider and to PhishDestroy to help block future iterations of this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/web-exuodus.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/web-exuodus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/web-exuodus.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web-exuodus.pages.dev/
Last updated: 2026-04-09