PHSH

Exodus Phishing Review 2026: web-us-exdos.pages.dev Shadow Portal Exposed

Forensic Trust Rating: 1.0 / 5 Threat Level: CRITICAL

Target Entity: EXODUS WALLET (IMPERSONATION)

Our forensic analysts have identified web-us-exdos.pages.dev as an active shadow portal participating in a global phishing campaign targeting Exodus Wallet users. The domain utilizes Cloudflare Pages infrastructure to bypass traditional web filters and features a "typosquatted" URL (exdos vs. exodus). This portal serves as a landing page for malicious ads, designed to trick victims into downloading compromised browser extensions or revealing their 12-word recovery phrases.

Forensic Trust Score
1 / 100 — MALICIOUS PHISHING — Active Wallet Drainer

Phishing Site at a Glance

Portal Type Shadow Phishing Landing Page
Attack Vector Google Search Ads / Social Media Baiting
Primary Red Flag Abuse of .pages.dev (Cloudflare Pages)
Impersonated Brand Exodus Wallet
Malicious URL web-us-exdos.pages.dev
Risk Status ⚠ EXTREME RISK — SEED PHRASE HARVESTING

Technical Analysis: web-us-exdos.pages.dev

1
Trust Score

⚠ MALICIOUS PHISHING ALERT

This is not an official Exodus Wallet domain. It is a fraudulent portal designed to harvest private keys and deploy wallet-draining malware. Interaction with this site will lead to the total loss of digital assets.

The domain web-us-exdos.pages.dev is a textbook example of "Shadow Portal Phishing." Scammers use free hosting services like Cloudflare Pages to launch temporary landing pages that are difficult for automated scanners to flag immediately. These pages are then promoted through paid search ads that appear when users search for keywords like "Exodus Wallet Extension" or "Exodus Support."

Documented Red Flags

  • Typosquatting: The URL uses "exdos" instead of the correct spelling "exodus." This is a classic tactic used to deceive users who are scanning URLs quickly.
  • Hosting Abuse: The use of .pages.dev is a major indicator of a non-official corporate site. Major financial institutions and software developers (like Exodus Movement, Inc.) use dedicated .com or .io domains with high-reputation history.
  • Search Ad Hijacking: Victims often reach this site via "Sponsored" results on search engines. These ads bypass organic rankings to place malicious links above the legitimate site.

Public Safety Advisory: Seed Phrase Protocol

No legitimate wallet provider, including Exodus, will ever ask you to enter your 12-word seed phrase on a website. Official updates and downloads should only be performed through exodus.com or your device's official app store (Google Play / Apple App Store).

Known Phishing Tactics

Seed Phrase Harvesting Forms that prompt users to "Verify" their wallet by entering their recovery phrase.
Malicious Extensions Directing users to "clone" extensions in the Chrome Web Store that act as keyloggers.
Drainer Scripts Interaction with Web3 buttons that request permissions to transfer all tokens from a connected wallet.

Exodus Scam Recovery FAQ

My wallet was drained after visiting this site. Can I get my money back?

Cryptocurrency transactions are immutable. However, the stolen funds can often be traced to centralized exchanges. Our forensic team specializes in tracking these flows to identifying the "off-ramp" where the attacker cashes out. Contact us for a forensic tracing consultation →

How do I know if I'm on the real Exodus site?

Always check the URL bar. The official site is https://www.exodus.com. Any variation (exdos, exoduss, exoduus, or domains ending in .pages.dev / .netlify.app) is a scam.

Forensic Blacklist Status

Status: ACTIVE PHISHING PORTAL
Impersonation: Exodus Wallet
Infrastructure: Cloudflare Pages (Abuse)
Date Flagged: April 2026

Wallet Compromised by Exodus Phishing?

If you entered your seed phrase or connected your wallet to a suspicious portal, time is your most valuable asset. Our blockchain forensic analysts can trace the stolen wealth and help you coordinate with authorities and exchanges to freeze the attacker's accounts.

Chat on Signal Free Case Evaluation