# omniart-appp.pages.dev — SUSPICIOUS

> omniart-appp.pages.dev pushes a phishing kit mimicking ArtStation. Hosted on Cloudflare via IP 188.114.97.3. Avoid login attempts and block the IP immediately.

## Summary
PhishDestroy identifies omniart-appp.pages.dev as actively distributing a fraudulent login kit designed to impersonate ArtStation, a major online art community.  omniart-appp.pages.dev is currently active and was flagged by 0 of 95 VirusTotal vendors at the time of analysis. The domain is registered through Cloudflare, Inc., resolves to IP address 188.114.97.3, and operates under a Google Trust Services SSL certificate. This configuration obscures hosting details and allows the attacker to rapidly deploy and conceal the phishing infrastructure.  The site must be treated as a confirmed phishing vector targeting artists and creatives. Users are strongly advised to avoid clicking any links, refrain from entering credentials, and block traffic to IP 188.114.97.3 via firewall or network rules. Report the domain to your browser vendor and relevant art platforms to aid in takedown efforts. Monitor for typosquatting variants involving ‘omniart’ or ‘app’ prefixes.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2d81246a-bdf4-42b6-819f-079497a876c4
- PhishDestroy: https://phishdestroy.io/domain/omniart-appp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/omniart-appp.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/omniart-appp.pages.dev/
Last updated: 2026-03-22