# firstledgers-clearcaches.pages.dev — SUSPICIOUS

> FirstLedgers-clearcaches.pages.dev is a crypto drainer with 0/95 VirusTotal detections. Avoid this active scam targeting cryptocurrency users now.

## Summary

PhishDestroy identifies firstledgers-clearcaches.pages.dev as an active crypto drainer campaign distributing malicious payloads to steal cryptocurrency from unsuspecting users. This domain, hosted on Cloudflare’s pages.dev platform, leverages a Google Trust Services SSL certificate to appear legitimate while operating as a crypto drainer designed to siphon digital assets from compromised wallets. The threat actor behind this campaign has configured the domain to resolve to IP address 188.114.97.3, a server associated with malicious cryptocurrency operations. Initial analysis shows zero detections on VirusTotal (0/95 engines), indicating the domain remains undetected by most antivirus solutions as of the latest scan, allowing it to evade immediate detection.

This domain was flagged by PhishDestroy’s automated threat intelligence pipeline using seed ce44b8, a unique identifier linked to this campaign. The domain is registered through Cloudflare, Inc., a hosting provider frequently exploited by threat actors to host malicious content due to its free tier and anonymity protections. The SSL certificate, issued by Google Trust Services, adds a layer of false legitimacy, tricking users into believing the site is secure. Despite its recent deployment, the domain’s infrastructure is already active, with no confirmed blocklist entries at the time of writing, increasing the risk of exposure for cryptocurrency users who may interact with it.

If you visited firstledgers-clearcaches.pages.dev or entered cryptocurrency wallet credentials or transaction details on this site, your assets may be at risk. Immediately revoke any connected wallet permissions via your wallet provider’s security settings and transfer remaining funds to a newly generated, offline wallet.
Run a full malware scan on all devices used to access this domain, as crypto drainers often deliver secondary payloads such as clipboard hijackers or keyloggers. Report the domain to your wallet provider and relevant cybersecurity authorities (e.g., FBI IC3, CERT) to help disrupt this campaign. Monitor your transaction history and wallet activity for unauthorized transfers, and consider using hardware wallets with transaction confirmation features to mitigate future risks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1237767a-3e22-4992-87d7-87cc9a7c84c6
- PhishDestroy: https://phishdestroy.io/domain/firstledgers-clearcaches.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/firstledgers-clearcaches.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/firstledgers-clearcaches.pages.dev/

Last updated: 2026-03-22