# webholders.pages.dev — SUSPICIOUS

> PhishDestroy flags webholders.pages.dev as a crypto drainer phishing site. 0/95 VirusTotal vendors flagged. Avoid and verify on PhishDestroy.

## Summary
PhishDestroy identifies webholders.pages.dev as an active crypto drainer phishing domain currently under investigation. The site is designed to deceive users into connecting cryptocurrency wallets under false pretenses, with the ultimate goal of draining digital assets. This domain is not a generic phishing attempt but specifically targets crypto users through fraudulent wallet connection prompts.


This domain was flagged by 0 of 95 VirusTotal vendors, indicating it has not yet been widely detected by automated scanning tools. The domain is registered through Cloudflare, Inc. and resolves to IP address 172.66.44.172. It operates under Google Trust Services for SSL certificates, which does not inherently indicate legitimacy. The domain is hosted on Cloudflare Pages, a legitimate service that can be abused by threat actors to host malicious content. Current blocklist counts and creation dates were not provided in the available data.


PhishDestroy currently lists this domain as active with a status of under_investigation, meaning the threat is real but still being analyzed for additional indicators. Users should avoid interacting with webholders.pages.dev and verify any suspicious links through PhishDestroy before proceeding. If you have encountered this domain, report it immediately to PhishDestroy to aid in the investigation. Always use hardware wallets or verified software wallets for cryptocurrency transactions to minimize exposure to drainer scripts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.172

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/21cfb532-3d81-4559-9091-a71d7e2e9f4f
- PhishDestroy: https://phishdestroy.io/domain/webholders.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/webholders.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/webholders.pages.dev/
Last updated: 2026-03-29