# finance-openoccean-us-io.pages.dev — SUSPICIOUS > PhishDestroy identifies finance-openoccean-us-io.pages.dev as a crypto drainer impersonating financial services. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies the domain finance-openoccean-us-io.pages.dev as a live cryptocurrency-draining campaign masquerading as a legitimate financial-services portal. The site leverages Cloudflare Pages to host a spoofed interface that prompts visitors to connect cryptocurrency wallets and sign malicious transactions. Once a wallet is linked, the drainer silently approves token-transfer approvals and drains balances without further user interaction. All traffic is routed through Cloudflare’s proxy network (AS13335) to obscure origin infrastructure and evade takedowns while utilizing Google Trust Services certificates to appear trustworthy. Technical indicators and threat assessment reveal a newly active operation with zero detections on VirusTotal (0/95 engines) as of seed 1a67c7. The domain resolves to IP address 188.114.96.3 via Cloudflare Pages and is registered through Cloudflare, Inc., indicating bulletproof hosting designed to prolong availability. Current blocklist coverage is incomplete, allowing the campaign to persist undetected by most threat-intelligence platforms. The SSL certificate issued by Google Trust Services further enhances credibility, lowering user suspicion when entering wallet credentials or signing transactions. If you visited finance-openoccean-us-io.pages.dev or entered any information, immediately revoke all wallet-approval permissions via your wallet’s connection manager or blocklist feature. Transfer remaining funds to a newly generated wallet address not linked to the compromised one. Clear browser cache and cookies, then run a full antivirus scan. Report the domain to your wallet provider and file an incident with local cybercrime units. Stay alert for follow-on spear-phishing emails referencing this incident. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/finance-openoccean-us-io.pages.dev - PhishDestroy: https://phishdestroy.io/domain/finance-openoccean-us-io.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/finance-openoccean-us-io.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/finance-openoccean-us-io.pages.dev/ Last updated: 2026-04-10