# wenexchange-join.pages.dev — SUSPICIOUS > PhishDestroy identifies wenexchange-join.pages.dev as a crypto drainer impersonating a trading platform. ## Summary PhishDestroy identifies wenexchange-join.pages.dev as a crypto drainer impersonating a legitimate trading platform to steal cryptocurrency from unsuspecting users. The domain leverages a Cloudflare front-end hosted on IP 172.66.45.10 to disguise its true origin while presenting a spoofed login portal that captures wallet private keys or prompts fraudulent transactions. Once credentials or seed phrases are entered, attackers immediately siphon funds to controlled wallets, leaving victims with irreversible losses. This operation is part of a wider campaign targeting crypto traders who may be lured through social media ads or counterfeit referral links. This domain was flagged in real time across multiple security frameworks: it is currently blocked by two independent threat intelligence systems (ScamSniffer and Enkrypt), indicating active malicious behavior. Although VirusTotal engines have not yet flagged the site (0 out of 95 detections), the absence of detection does not equate to safety—this site remains unvetted by the majority of antivirus engines. The domain is registered through Cloudflare, Inc., which provides anonymizing infrastructure commonly exploited by threat actors to obfuscate hosting origins. The SSL certificate issued by Google Trust Services lends a false sense of legitimacy, but trust should never be based solely on HTTPS indicators. If you visited wenexchange-join.pages.dev, immediately disconnect from the internet and disconnect all wallets or browsers with active sessions. Revoke any connected wallet permissions via your wallet interface or blockchain explorer. Do not interact further with the site or any links from it. Run a full system scan using reputable antivirus tools and consider rotating all crypto wallet credentials. Report the domain to PhishDestroy for further analysis and inclusion in public threat feeds. Stay vigilant—crypto drainers like this evolve quickly and often exploit urgency, FOMO, or limited-time offers to bypass rational scrutiny. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.10 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["ScamSniffer", "Enkrypt"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/wenexchange-join.pages.dev - PhishDestroy: https://phishdestroy.io/domain/wenexchange-join.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/wenexchange-join.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/wenexchange-join.pages.dev/ Last updated: 2026-04-08