Catch phishing pages before blocklists do.

Entity: Ledger | The URL uses a suspicious subdomain on a free hosting platform (pages.dev) and contains typosquatting ('portel' instead of 'portal') to mimic the official Ledger brand.; The page is a credential harvesting form impersonating Ledger Live, which typically operates as a local application rather than a web-based login portal on a third-party domain.

Entity: Ledger | The URL uses a typo-squatted subdomain 'ledgge' instead of the official 'ledger' brand name to deceive users.; The site is hosted on a free 'pages.dev' cloud platform, a common tactic for phishing campaigns to bypass security filters and avoid domain registration scrutiny.

Entity: E8体育 | The domain 'walletflood.com' is unrelated to the multiple sports betting and gambling brands displayed, a common pattern for phishing or fraudulent portal sites.; The visual content promotes high-stakes gambling and unrealistic bonuses, which are frequently used as bait for scams or unregulated activities.

Entity: Ledger | The domain uses a typosquatted version of the legitimate brand name ('ledzer' instead of 'ledger') which is a common phishing tactic.; The site is hosted on a free subdomain (pages.dev) while claiming to be an official service for a major hardware wallet brand.

Entity: Ledger | The website uses a third-party subdomain (zapier.app) to host content claiming to be official Ledger support, which is a classic indicator of a phishing attempt.; A legitimate security company like Ledger would host its official documentation and login guides on its own verified domain (ledger.com) rather than a free automation platform.

Entity: Iron Wallet | The application is hosted on a free subdomain (pages.dev), which is a common tactic for phishing sites seeking to exploit the reputation of the parent domain while avoiding costs and verification associated with professional domains.; Legitimate financial and cryptocurrency software providers utilize official, branded top-level domains for security and trust; hosting a non-custodial wallet interface on a generic hosting service is highly characteristic of credential harvesting scams.

Entity: Ledger | The domain uses typo-squatting ('leddger' with an extra 'd') to mimic the legitimate Ledger brand.; The site is hosted on a free subdomain (pages.dev), which is highly atypical for a legitimate financial hardware wallet provider like Ledger.

Entity: CEX.io | The site uses a 'pages.dev' subdomain to mimic the official CEX.io brand, a common tactic for hosting phishing pages on legitimate cloud platforms.; The URL includes keywords like 'app' and 'login' while being disconnected from the official 'cex.io' domain, indicating an attempt to harvest user credentials.

Entity: Ledger | The URL uses a misspelled version of the brand ('ledgr' instead of 'ledger') and is hosted on a generic subdomain (pages.dev) rather than the official company domain.; The page uses obfuscated text with diacritics in the main header (e.g., 'Lėdger') to bypass automated security filters, a classic indicator of a phishing site.

Entity: Spin Casino | The website is hosted on a free Cloudflare Pages subdomain (pages.dev) rather than a legitimate corporate domain, which is highly unusual for a major gambling brand.; The URL uses keywords like 'login' and 'vip' alongside a well-known brand name to create a deceptive link aimed at harvesting user credentials or financial information.