# wel-live-ledgr-eng.pages.dev — SUSPICIOUS

> wel-live-ledgr-eng.pages.dev hosts a crypto drainer active via Cloudflare. VirusTotal shows 0/95 detections—act now to block this domain.

## Summary
PhishDestroy identifies wel-live-ledgr-eng.pages.dev as a newly active crypto drainer leveraging Cloudflare Pages for distribution. The domain resolves to IP 188.114.97.3 and utilizes a Google Trust Services SSL certificate, adding legitimacy to its fraudulent operations. Security teams should treat this domain as a high-priority threat due to its potential to steal cryptocurrency assets from unsuspecting users.

This domain exhibits multiple red flags consistent with malicious infrastructure. VirusTotal currently reports 0 out of 95 detections, indicating evasion of automated analysis tools, while the registrar is Cloudflare, Inc.—a common choice for threat actors to obfuscate their ownership. The lack of detections despite its active status suggests this campaign is either very recent or employs sophisticated evasion techniques. Users interacting with this domain risk unauthorized cryptocurrency transactions and credential harvesting.

If exposure to this domain has occurred, users should immediately revoke any cryptocurrency wallet permissions linked to this site. Disable browser extensions that may have interacted with the domain, clear cached credentials, and scan for malware using a trusted endpoint detection and response tool. Organizations should block this domain at the network level via DNS filtering and review proxy logs for any internal access. Time-sensitive action is critical to mitigate potential financial loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/wel-live-ledgr-eng.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/wel-live-ledgr-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wel-live-ledgr-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wel-live-ledgr-eng.pages.dev/
Last updated: 2026-04-05