# follow-up-ledger-site.pages.dev — SUSPICIOUS > Block this crypto drainer phishing site: follow-up-ledger-site.pages.dev steals crypto assets via fake Ledger wallets. VirusTotal 0/95 undetected. ## Summary PhishDestroy identifies follow-up-ledger-site.pages.dev as an active crypto drainer posing a high-risk threat to cryptocurrency users. This domain mimics legitimate Ledger wallet services to trick users into connecting their wallets and authorizing unauthorized transactions. The site leverages Cloudflare’s infrastructure and Google Trust Services SSL certificates to appear legitimate, evading immediate detection by traditional security tools. With 0 detections on VirusTotal out of 95 scans and resolving to IP 188.114.96.3, this domain is actively being used to drain funds from unsuspecting victims. Users must remain vigilant against such sophisticated phishing attempts that exploit trust in well-known wallet providers. This domain was flagged through Cloudflare, Inc. and is currently under active investigation. Its SSL certificate, issued by Google Trust Services, further lends it an air of credibility, making it a potent tool for cybercriminals targeting cryptocurrency holders. The lack of detections on VirusTotal highlights the evolving tactics of these attackers, who continuously adapt to bypass standard security measures. Blocklist counts are not yet available, indicating this threat is still relatively new but growing in sophistication and reach. If you have visited follow-up-ledger-site.pages.dev, immediately revoke any wallet connections to this domain using your wallet’s connection management feature. Disconnect the site and check your transaction history for any unauthorized transfers. Use a reputable security tool to scan your device for malware or keyloggers that may have been installed during your visit. Report any suspicious transactions to your wallet provider and consider transferring remaining funds to a secure, offline wallet. Stay informed by reviewing detailed threat reports and update your cybersecurity practices to include multi-factor authentication and hardware wallet usage for added protection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0001ade8-ef00-4f26-a8a1-89c33f9cb784 - PhishDestroy: https://phishdestroy.io/domain/follow-up-ledger-site.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/follow-up-ledger-site.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/follow-up-ledger-site.pages.dev/ Last updated: 2026-03-21