# webv2-8zh.pages.dev — SUSPICIOUS

> PhishDestroy identifies webv2-8zh.pages.dev as a crypto drainer phishing domain. This malicious site steals wallet credentials—verify before interacting.

## Summary
PhishDestroy has identified webv2-8zh.pages.dev as an active crypto drainer phishing domain posing an elevated risk to users. This threat specifically targets cryptocurrency wallet users by impersonating legitimate services to trick victims into connecting their wallets and authorizing malicious transactions. The domain leverages Cloudflare’s Pages platform to host its payload while abusing Google Trust Services certificates to appear authentic. With only one detection out of 95 VirusTotal vendors, this site exemplifies stealthy, targeted phishing operations designed to bypass traditional security layers.

This domain was flagged by ScamSniffer and resolves to IP 188.114.96.3, operated under Google Trust Services’ SSL infrastructure. Registered through Cloudflare, Inc., the domain has been added to one security blocklist, indicating prior malicious associations. Despite its low detection ratio (1/95 on VirusTotal as of the latest scan), the combination of legitimate hosting infrastructure and targeted phishing behavior makes it particularly dangerous. The use of Cloudflare Pages and Google certificates adds legitimacy, while the low vendor detection suggests this campaign may be newly deployed or highly targeted, evading broad detection engines.

To mitigate risk, users must avoid interacting with this domain entirely. If you’ve accessed this site, disconnect your wallet immediately and revoke any unauthorized permissions. Enable transaction simulation tools and use hardware wallets for critical operations. Report the domain to PhishDestroy for active takedown and share indicators with your security team. Monitor wallet connections daily and educate teams on recognizing crypto drainer tactics, including fake login portals and wallet connection prompts. Deploy real-time blocklists and browser extensions like ScamSniffer to prevent future exposures.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f90b2e7d-fbd0-4793-abf1-0b804ca01459
- PhishDestroy: https://phishdestroy.io/domain/webv2-8zh.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/webv2-8zh.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/webv2-8zh.pages.dev/
Last updated: 2026-03-21