# xosdeusweb.pages.dev — MALICIOUS

> High-risk phishing domain xosdeusweb.pages.dev impersonates Exodus wallet. Stay vigilant and avoid interaction to protect your assets.

## Summary
PhishDestroy has identified the domain xosdeusweb.pages.dev as a high-risk phishing site engaging in brand impersonation targeting the Exodus Web3 Wallet. Registered on March 9, 2026, this domain was designed to deceive users by mimicking the legitimate Exodus brand, using a page title that reads 'Exodus Web3 Wallet | Secure' to lend an appearance of authenticity. The impersonation tactic aims to trick individuals into disclosing sensitive information or compromising their cryptocurrency wallets.

Technical analysis reveals that the domain was registered through Cloudflare, Inc., a popular registrar often leveraged for rapid deployment of fraudulent sites. The domain resolved to IP address 188.114.96.3 and was flagged on two distinct security blocklists, indicating prior recognition of malicious activity. Additionally, 15 out of 95 security vendors on VirusTotal identified suspicious elements associated with this domain, reinforcing its threat profile. These indicators collectively underscore the domain’s intent to conduct phishing attacks under the guise of the Exodus brand.

Currently, the domain xosdeusweb.pages.dev has been taken offline, effectively neutralizing the immediate risk to users. PhishDestroy recommends continued monitoring of similar domains and vigilance against brand impersonation scams in the cryptocurrency space. Users are advised to verify URLs carefully and access Exodus wallets only through official channels to prevent falling victim to such deceptive schemes.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Exodus
- Page title: Exodus Web3 Wallet | Secure

## Domain Intelligence
- Registered: 2026-03-09 13:07:02
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: rodrigo.ns.cloudflare.com tessa.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/DcgQKCQ/d83b44346830.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e3593512-b09b-4b54-8cce-67e9de61d6ab
- PhishDestroy: https://phishdestroy.io/domain/xosdeusweb.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/xosdeusweb.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xosdeusweb.pages.dev/
Last updated: 2026-03-19