# omniart.pages.dev — SUSPICIOUS

> PhishDestroy identifies omniart.pages.dev as a brand impersonation phishing site. This fraudulent page mimics legitimate brands and bypasses initial VirusTotal.

## Summary
PhishDestroy identifies omniart.pages.dev as an active brand impersonation scam posing as legitimate artistic services. The domain leverages Cloudflare Pages to host a deceptive interface, likely targeting users searching for digital art platforms or services. Evidence suggests the operator uses credential theft tactics, although the exact kit remains under analysis. The campaign mirrors high-profile impersonations seen in recent NFT and creative platform phishing operations, with visual assets and branding closely replicated to deceive visitors.

Technical indicators confirm the threat’s operational status: VirusTotal reports 0/95 detections as of initial assessment, indicating evasion of signature-based detection. The domain is registered through Cloudflare, Inc., resolving to IP 188.114.96.3, and secured with a Google Trust Services SSL certificate. While creation timestamps and blocklist participation are still under investigation, the absence of detections on major threat feeds signals early-stage operation or advanced evasion techniques.

The domain remains active with an "under_investigation" risk status. Current response includes domain monitoring and user advisories; however, the lack of blocklisting highlights a critical window for exploitation. Until proactive blocking is implemented, users face elevated risk of credential compromise or financial loss. PhishDestroy recommends immediate domain blacklisting, network-level blocking, and heightened scrutiny for traffic originating from this IP or associated infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/952059fa-3883-4313-96a6-ec4078aedcde
- PhishDestroy: https://phishdestroy.io/domain/omniart.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/omniart.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/omniart.pages.dev/
Last updated: 2026-03-22