# wel-leger-com-start.pages.dev — SUSPICIOUS

> wel-leger-com-start.pages.dev is a credential theft domain flagged by 0 of 95 VirusTotal vendors. Suspected brand impersonation of 'Wells Fargo'.

## Summary
PhishDestroy identifies wel-leger-com-start.pages.dev as an active credential theft domain impersonating Wells Fargo banking services. The domain is currently under investigation and exhibits multiple high-risk indicators, including deceptive branding and infrastructure anomalies.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious but remains under scrutiny. Registered through Cloudflare, Inc., it resolves to IP address 188.114.96.3 and operates with a Google Trust Services SSL certificate, which may lend false legitimacy to unsuspecting visitors. The domain's recent creation and lack of blocklist entries suggest an opportunistic campaign targeting users seeking financial services.

Authorities strongly recommend avoiding interactions with this domain, including clicking links or entering credentials. Users who may have engaged with this site should immediately change passwords for Wells Fargo accounts and other linked financial services. Organizations should implement DNS filtering to block access to this domain and similar infrastructure. Continuous monitoring is advised due to the evolving nature of credential theft campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/wel-leger-com-start.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/wel-leger-com-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wel-leger-com-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wel-leger-com-start.pages.dev/
Last updated: 2026-04-04