# ledger-web-access.pages.dev — SUSPICIOUS > Beware: crypto drainer phishing site ledger-web-access.pages.dev steals funds. Detected by 0/95 scanners. Verify safety on PhishDestroy before logging in. ## Summary A recently identified crypto drainer campaign is leveraging the domain ledger-web-access.pages.dev to impersonate Ledger’s official web interface. Threat actors are using this phishing page to trick users into entering their wallet credentials or connecting their hardware devices, allowing the attackers to drain cryptocurrency assets directly from connected wallets. The domain is hosted on Cloudflare Pages and resolves to IP 188.114.97.3, with an SSL certificate issued by Google Trust Services to add a false sense of legitimacy. As of this advisory, VirusTotal reports zero detections (0/95 scanners) and the domain remains unflagged on most blocklists, indicating it is still in early stages of deployment and actively evading detection. PhishDestroy’s analysis reveals that ledger-web-access.pages.dev was registered through Cloudflare, Inc., with no publicly available creation date at the time of investigation. The domain mimics Ledger’s branding to deceive users attempting to access their wallet interface. Despite zero detections on VirusTotal, the site serves as a crypto drainer—malware designed to extract funds from connected wallets without user consent. The infrastructure relies on legitimate cloud services (Cloudflare Pages and Google Trust Services) to bypass traditional email and domain-based security filters, making it harder for users and automated systems to detect the threat early. Users who visited ledger-web-access.pages.dev or entered any credentials should immediately disconnect their wallet, revoke any connected permissions through their wallet’s interface, and transfer remaining assets to a newly generated wallet. Do not reuse passwords or seed phrases. Run a full antivirus scan on all devices used to access cryptocurrency platforms. If you suspect exposure, report the incident to PhishDestroy using seed 3459c4 for tracking. Always verify URLs via official Ledger channels and use PhishDestroy’s real-time scanner before entering sensitive information online. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e39abf3f-b54e-4887-8a7c-6c6ca0e7f70d - PhishDestroy: https://phishdestroy.io/domain/ledger-web-access.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-web-access.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-web-access.pages.dev/ Last updated: 2026-03-22