# shushshsh.pages.dev — SUSPICIOUS

> shushshsh.pages.dev is a crypto draining phishing site hosted on Cloudflare with 0/95 VirusTotal detections; avoid all links and report immediately to your SOC.

## Summary
PhishDestroy identifies shushshsh.pages.dev as an active generic phishing domain currently under investigation for suspected cryptocurrency wallet draining operations. The campaign exhibits no overt branding affiliation and leverages a disposable Pages.dev subdomain, indicative of a low-cost, high-volume phishing strategy targeting unsuspecting users. No drainer kit artifacts have been publicly shared to date, suggesting either a new toolkit deployment or an obfuscated payload staged for future campaigns.  This domain resolves to 188.114.96.3, a Cloudflare-registered endpoint, and is served over an SSL certificate issued by Google Trust Services. VirusTotal currently scores the site at 0/95 detections with no anti-virus engines flagging the URL, highlighting a gap in signature-based detection coverage. The domain was created via Cloudflare, Inc. and is hosted on Cloudflare’s edge network, enabling rapid rotation and low infrastructure cost typical of opportunistic phishing operations. Google Safe Browsing and public blocklist status remain unconfirmed, increasing the likelihood of exposure to end-users.  The current status of shushshsh.pages.dev is active, with continued monitoring by SOC teams and browser vendors. Users are advised to block the domain at DNS and firewall levels and to report any sightings to their security operations centers immediately. The residual risk remains elevated due to the lack of detection coverage and the domain’s infrastructure agility, posing a credible threat to individuals or organizations interacting with unsolicited links or QR codes associated with cryptocurrency transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c84f1e01-f667-436d-9c4f-d838d7320e16
- PhishDestroy: https://phishdestroy.io/domain/shushshsh.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/shushshsh.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/shushshsh.pages.dev/
Last updated: 2026-03-26