# web-ldger-com-login.pages.dev — SUSPICIOUS > PhishDestroy identifies web-ldger-com-login.pages.dev as a credential phishing domain mimicking a crypto wallet login with 0/95 VirusTotal detections. ## Summary This domain, web-ldger-com-login.pages.dev, operates as a credential phishing site designed to mimic a legitimate crypto wallet login portal, likely targeting users to steal cryptocurrency wallet credentials or private keys. The threat actor behind this domain is attempting to deceive visitors into entering sensitive login information under the guise of accessing a secure wallet service. The page is hosted on Cloudflare Pages, leveraging the platform’s infrastructure to obscure its true origin and evade detection. Users arriving at this domain are presented with a fraudulent login interface that closely resembles a real crypto wallet service, increasing the risk of unintentional credential submission. The domain’s structure, combining terms like 'web-ldger' and 'login' with the '.pages.dev' TLD, suggests an attempt to appear official and technical, further manipulating users into a false sense of security. This domain was flagged through multiple security indicators, including a VirusTotal scan with 0 out of 95 antivirus engines detecting it as malicious at the time of analysis. It was registered through Cloudflare, Inc., resolving to the IP address 188.114.97.3, which is part of Cloudflare’s infrastructure. Additionally, the domain holds an SSL certificate issued by Google Trust Services, a tactic commonly used to add legitimacy to phishing sites by displaying a padlock icon in browsers. Google Safe Browsing has already flagged this domain under the category of SOCIAL_ENGINEERING, indicating it employs deceptive practices to trick users. Despite these red flags, the domain remains active and has not yet been widely blocked, as evidenced by its lack of detections on VirusTotal. The combination of a reputable registrar, a legitimate-looking SSL certificate, and a hosting provider known for privacy protections creates a challenging environment for early detection and mitigation. If you have visited web-ldger-com-login.pages.dev and entered any credentials or personal information, you should immediately change the passwords for those accounts and enable two-factor authentication where possible. Avoid using any wallet addresses or cryptocurrency-related credentials on this site, as they may have been compromised. Disconnect any active sessions from your devices and scan for malware or unauthorized access. Report the domain to PhishDestroy to aid in its investigation and potential blacklisting. Monitor your cryptocurrency wallets and financial accounts closely for any unauthorized transactions, as stolen credentials may be used to drain funds. For future visits to similar sites, verify the domain’s legitimacy by checking PhishDestroy’s database or consulting official sources before entering sensitive information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1954717a-7330-4e34-b26a-1437c9b39d2e - PhishDestroy: https://phishdestroy.io/domain/web-ldger-com-login.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/web-ldger-com-login.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/web-ldger-com-login.pages.dev/ Last updated: 2026-03-22