# whatsapp-private-a23.pages.dev — MALICIOUS > PhishDestroy identifies whatsapp-private-a23.pages.dev as a fake WhatsApp login page. 10/95 security vendors flagged this domain. ## Summary PhishDestroy identifies an active phishing campaign impersonating WhatsApp at whatsapp-private-a23.pages.dev. This fraudulent site mimics the private WhatsApp login portal to steal account credentials from unsuspecting users. Once accessed, the page requests login details under the guise of “verification,” harvesting entered emails and passwords for unauthorized access or resale on dark web markets. The risk is elevated due to active hosting and SSL certification, which can mislead even security-conscious users into trusting the page. This is not a subtle or experimental campaign—it is a direct attempt to compromise WhatsApp accounts. This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating moderate detection but ongoing risk. It resolves to IP address 188.114.97.3 and uses a Google Trust Services SSL certificate, which increases its perceived legitimacy. The domain is registered through Cloudflare, Inc., a common choice among threat actors to obfuscate hosting and evade takedowns. While Cloudflare does not endorse malicious use, it provides anonymity layers that prolong campaign persistence. The site was likely created recently, leveraging the legitimate *.pages.dev subdomain of Cloudflare Pages to host phishing content under a trusted parent domain. If you visited whatsapp-private-a23.pages.dev and entered any information, immediately change your WhatsApp password and enable two-step verification. Revoke any suspicious sessions from your account settings and scan your device for malware using a reputable antivirus tool. Report the domain to WhatsApp’s phishing reporting system (support@whatsapp.com) and forward the URL to your email provider if you used the same password elsewhere. Avoid clicking links in unsolicited messages, especially those claiming urgent account issues. Always navigate directly to official sources like web.whatsapp.com or use the official mobile app. PhishDestroy advises users to treat any unexpected login prompts with skepticism—genuine services will never ask for credentials via third-party domains. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/14af6f7f-a0a1-43b7-99d8-8bb81a911621 - PhishDestroy: https://phishdestroy.io/domain/whatsapp-private-a23.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/whatsapp-private-a23.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/whatsapp-private-a23.pages.dev/ Last updated: 2026-03-29