# ex-odsweb-nav.pages.dev — SUSPICIOUS

> ex-odsweb-nav.pages.dev hosts a crypto drainer campaign with 0/95 VirusTotal detections. Check your wallet and disconnect any connected apps immediately.

## Summary
PhishDestroy identifies ex-odsweb-nav.pages.dev as an active crypto drainer with a high-risk profile still under investigation. This Cloudflare-hosted domain (registered through Cloudflare, Inc.) resolves to IP 188.114.97.3 and operates under a Google Trust Services SSL certificate, suggesting an attempt to appear legitimate. Despite zero VirusTotal detections (0/95), the domain’s seed indicator (645d69) flags it as suspicious for potential credential theft or fraudulent transactions targeting cryptocurrency users.  This domain was flagged as a generic phishing site with a crypto drainer payload, specifically designed to siphon assets from victims’ wallets. The infrastructure (Cloudflare, Google Trust Services SSL) indicates evasion tactics, while the lack of detections reflects the domain’s recent emergence or low signature coverage by security tools. Registrar data and hosting details align with common phishing-as-a-service patterns, where attackers abuse legitimate services to host malicious content.  If you visited ex-odsweb-nav.pages.dev, disconnect any cryptocurrency wallet extensions immediately and revoke permissions via your wallet’s official interface. Do not enter seed phrases or private keys, and scan your device for malware. Report the domain to your antivirus provider and share indicators with PhishDestroy’s database to aid ongoing investigations.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ef2e1659-0d80-4378-8b41-36ffaaa7a04e
- PhishDestroy: https://phishdestroy.io/domain/ex-odsweb-nav.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ex-odsweb-nav.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ex-odsweb-nav.pages.dev/
Last updated: 2026-03-22