# wobs.pages.dev — SUSPICIOUS

> wobs.pages.dev identified as a generic phishing domain hosting a crypto drainer. 0/95 VirusTotal detections. Act now.

## Summary
PhishDestroy identifies wobs.pages.dev as an active generic phishing domain currently under investigation for crypto drainer operations. The domain leverages Cloudflare Workers to deliver malicious payloads designed to deplete cryptocurrency wallet funds without user consent. Given its SSL certificate from Google Trust Services and lack of detections on VirusTotal, this threat demonstrates evasive tactics while remaining in early stages of propagation.


This domain was flagged with a unique seed identifier b5ed01 and resolves to IP 188.114.96.3. VirusTotal analysis shows 0 detections out of 95 engines, indicating low detection coverage. The domain is registered through Cloudflare, Inc., which provides both hosting and anonymity services. The Google Trust Services SSL certificate adds a layer of legitimacy, potentially tricking users into trusting the malicious content. No known blocklist entries currently flag this domain, allowing continued operation.


Organizations should immediately block wobs.pages.dev at DNS and network levels to prevent cryptocurrency theft. Users accessing crypto services should verify domains via official channels and disable auto-fill wallet connections. Implementing browser-based crypto wallet protection extensions may prevent drainer scripts from executing. Security teams are advised to monitor for similar domains leveraging Cloudflare Workers infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/wobs.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/wobs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wobs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wobs.pages.dev/
Last updated: 2026-04-03