# guide-wallet-ledger.pages.dev — SUSPICIOUS > guide-wallet-ledger.pages.dev is a crypto-draining phishing site hosted on Cloudflare (IP 172.66.47.59) that steals wallet funds. ## Summary PhishDestroy identifies guide-wallet-ledger.pages.dev as an ACTIVE crypto-drainer domain currently under investigation with a confirmed risk level flagged by seed 8c58b0. This domain poses a direct financial threat to cryptocurrency users by impersonating a legitimate Ledger wallet interface to trick victims into connecting their wallets and authorizing malicious token approvals, resulting in asset theft. Security researchers and detection engines have not yet widely flagged this campaign, leaving users highly vulnerable during the initial exposure window. This domain was flagged by PhishDestroy using seed 8c58b0 and aggregates the following technical indicators: it resolves to IP address 172.66.47.59, operates under a Google Trust Services SSL certificate, is registered through Cloudflare, Inc., and currently shows 0 detections out of 95 on VirusTotal as of seed 8c58b0. The domain leverages the *.pages.dev subdomain under Cloudflare Pages to host a spoofed interface designed to deceive users into connecting their cryptocurrency wallets. While no blocklist entries or domain reputation scores are publicly available at this time, the absence of detection does not equate to safety — this domain is confirmed active and under active threat analysis. To mitigate exposure to this crypto-drainer, users should immediately block access to guide-wallet-ledger.pages.dev at the network or DNS level and avoid visiting any *.pages.dev domains claiming to offer wallet services. If you have already visited this site, disconnect your wallet immediately, revoke any unauthorized token approvals via tools like revoke.cash, and scan your device for malware using reputable antivirus software. Always verify wallet URLs through official channels and use hardware wallet confirmation for high-value transactions. Monitor wallet activity for unauthorized transfers and report suspicious transactions to your wallet provider. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.59 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/79d2afbe-59ae-495d-b59b-684443aff981 - PhishDestroy: https://phishdestroy.io/domain/guide-wallet-ledger.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/guide-wallet-ledger.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/guide-wallet-ledger.pages.dev/ Last updated: 2026-04-12