# bobaopro.blog — SUSPICIOUS

> PhishDestroy identifies bobaopro.blog as a crypto drainer impersonating Boba Network. VT 0/95 detections, domain registered July 2025 via Gname.

## Summary

PhishDestroy has flagged bobaopro.blog as an active crypto drainer impersonating the Boba Network project, a Layer 2 Ethereum scaling solution. The domain leverages brand deception to trick users into connecting crypto wallets under the guise of legitimate Boba-related services. Threat actors are likely distributing fraudulent links via social media, Discord, or phishing emails to drain assets from unsuspecting users. No evidence yet links this campaign to a known drainer kit (e.g., Venom, Angel Drainer), suggesting a custom or emerging payload designed to exploit wallet signatures and token approvals.

This domain exhibits multiple red flags. It was registered through Gname.com Pte. Ltd on July 15, 2025 — an alarmingly recent creation suggesting opportunistic setup. Resolving to IP 104.21.28.201, the site currently shows no detections (0/95) on VirusTotal and holds a valid SSL certificate from Google Trust Services. Despite the absence of AV or browser blocklist flags, the domain’s age and lack of organic reputation make it highly suspicious. As of this report, it remains unlisted on Google Safe Browsing (GSB), indicating a critical detection delay from major defenses.

The threat remains active and evolving. PhishDestroy classifies the risk as under_investigation due to evolving tactics, but immediate user exposure is high given the domain’s recent activation and clear branding abuse. Users are advised to avoid visiting bobaopro.blog, verify all Boba Network communications via official channels, and report any suspicious links. Organizations should add bobaopro.blog and 104.21.28.201 to blocklists. Ongoing monitoring is required as this domain may rapidly shift infrastructure or integrate more sophisticated phishing payloads.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-15 08:57:36
- Registrar: Gname.com Pte. Ltd.
- IP: 104.21.28.201

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/30c51d2f-364f-45a8-8c5a-4c8e074ef4e7
- PhishDestroy: https://phishdestroy.io/domain/bobaopro.blog/
- LLM endpoint: https://phishdestroy.io/domain/bobaopro.blog/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bobaopro.blog/

Last updated: 2026-03-21