# portal-login-ledger-web.pages.dev — SUSPICIOUS > PhishDestroy identifies portal-login-ledger-web.pages.dev as a crypto draining scam site. It evades detection with 0/95 VirusTotal flags. ## Summary PhishDestroy has identified an active crypto draining threat tied to the domain portal-login-ledger-web.pages.dev. This fraudulent site is designed to impersonate legitimate cryptocurrency wallet login portals, tricking users into entering their private keys or seed phrases under the guise of logging in or verifying transactions. Once credentials or mnemonic phrases are submitted, attackers immediately drain associated crypto wallets, often transferring assets to untraceable addresses or converting them to privacy coins. The domain is currently under investigation but remains accessible, posing a direct financial risk to unsuspecting users. SSL encryption via Google Trust Services (Google Trust Services) lends it an air of legitimacy, while Cloudflare hosting complicates takedown efforts. This domain was flagged with 0 detections out of 95 scans on VirusTotal, indicating it has yet to be widely recognized as malicious. It resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., leveraging the provider’s anonymity protections to evade detection and takedown. While registrant details are obscured, the use of Cloudflare Pages suggests the infrastructure may be rapidly provisioned and discarded after use — a common tactic to extend the window of operation. Such sites are often created hours or days before being deployed in phishing campaigns, making proactive detection challenging. If you visited portal-login-ledger-web.pages.dev or entered any sensitive information, immediately transfer remaining funds to a new, secure wallet with a freshly generated seed phrase. Revoke wallet permissions on all connected dApps using tools like Etherscan’s ‘Token Approvals’ or your wallet’s built-in security features. Monitor transaction logs for unauthorized transfers and consider filing a police report with local cybercrime units. Use a hardware wallet for long-term storage and enable multi-factor authentication where possible. Always verify URLs via official project websites or trusted channels before entering credentials. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/portal-login-ledger-web.pages.dev - PhishDestroy: https://phishdestroy.io/domain/portal-login-ledger-web.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/portal-login-ledger-web.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portal-login-ledger-web.pages.dev/ Last updated: 2026-04-06