# reformmembershipcert.wasmer.app — SUSPICIOUS > Beware reformmembershipcert.wasmer.app—a crypto drainer impersonating Wasmer App credentials. VirusTotal shows 0/95 detections. Avoid this domain immediately. ## Summary PhishDestroy identifies reformmembershipcert.wasmer.app as an active crypto drainer impersonating Wasmer App membership credentials, currently under investigation by security teams. This domain leverages brand impersonation to trick users into connecting crypto wallets or submitting sensitive login details under the guise of a legitimate Wasmer App certificate. The threat is amplified by its use of a Let's Encrypt SSL certificate, which may lull visitors into a false sense of security by displaying the familiar padlock icon in browsers. With Google Safe Browsing already flagging it under SOCIAL_ENGINEERING and zero detections on VirusTotal (0/95), the domain remains undetected by many security engines, increasing its potential to deceive users. Technical indicators further confirm the suspicious nature of this domain. It resolves to IP address 62.210.172.150, a hosting infrastructure with a history of association with malicious campaigns. While the exact creation date and registrar details are not provided in available intelligence, the combination of a clean VirusTotal score and active SOCIAL_ENGINEERING flag raises immediate concerns. The domain’s naming convention—reformmembershipcert.wasmer.app—suggests an attempt to mimic legitimate Wasmer App services, likely targeting users familiar with the platform who may unknowingly trust the certificate-like subdomain structure. Users who have visited reformmembershipcert.wasmer.app should assume potential exposure of their credentials or crypto wallet connections. Immediately disconnect any connected wallets, revoke any granted permissions, and scan devices for malware using reputable security software. Avoid interacting with any prompts or requests on the site, as they are likely designed to drain crypto assets or harvest login details. Report the domain to your browser’s safe browsing tool or platforms like Google Safe Browsing to help block future access. If you entered login credentials, change passwords for all related accounts and enable two-factor authentication where available. Monitor crypto wallets and financial accounts closely for unauthorized transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 62.210.172.150 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/reformmembershipcert.wasmer.app - PhishDestroy: https://phishdestroy.io/domain/reformmembershipcert.wasmer.app/ - LLM endpoint: https://phishdestroy.io/domain/reformmembershipcert.wasmer.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/reformmembershipcert.wasmer.app/ Last updated: 2026-04-03