# us-ldgrelog-in.pages.dev — MALICIOUS

> PhishDestroy warns that us-ldgrelog-in.pages.dev hosts a crypto drainer disguised as a login portal. 10/95 security vendors flag this domain.

## Summary
PhishDestroy’s forensic team has identified us-ldgrelog-in.pages.dev as an active crypto-draining phishing domain impersonating a legitimate log-in portal. This generic phishing page is designed to harvest wallet credentials and initiate unauthorized cryptocurrency transfers, aligning with the growing trend of crypto-drainer kits deployed via cloudflare-pages.dev subdomains. The page mimics a standard authentication interface, tricking users into entering sensitive information that is immediately transmitted to attacker-controlled endpoints.

Technical indicators confirm elevated risk: the domain, registered through Cloudflare, Inc., resolves to IP 188.114.97.3 and holds a Google Trust Services SSL certificate. VirusTotal analysis shows 10 out of 95 security vendors flagging this domain, and Google Safe Browsing (GSB) currently lists it as unsafe. While the exact creation date was not disclosed, the domain remains active and unblocked by major browsers at the time of analysis. This places it on multiple threat intelligence feeds, including PhishDestroy’s curated blocklist.

As of the latest scan, us-ldgrelog-in.pages.dev remains online with an 'active' status, posing an ongoing risk to cryptocurrency users. PhishDestroy recommends immediate blocking of the domain and IP address. Users are strongly advised to verify links using PhishDestroy’s link scanner before entering credentials or making transactions. Despite takedown efforts, the use of Cloudflare Pages and Google SSL certificates allows attackers to rapidly redeploy similar domains, maintaining a persistent threat landscape. Remain vigilant and validate all login portals using official channels.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/398e9c9f-bf8f-4abf-93ba-43ce69a5639b
- PhishDestroy: https://phishdestroy.io/domain/us-ldgrelog-in.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-ldgrelog-in.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us-ldgrelog-in.pages.dev/
Last updated: 2026-03-24