# secure-ledger-sso.pages.dev — MALICIOUS > secure-ledger-sso.pages.dev purports as a crypto wallet service but is a confirmed crypto drainer with 13/95 VirusTotal detections. Avoid interactions. ## Summary PhishDestroy identifies secure-ledger-sso.pages.dev as an active crypto drainer, a malicious website designed to siphon cryptocurrency funds from unsuspecting users’ wallets by tricking them into connecting and authorizing fraudulent transactions. The site leverages social engineering tactics that mimic legitimate “secure ledger” or SSO (Single Sign-On) services, often targeted at crypto investors or users of decentralized applications. Upon connection, the malicious script interacts with the victim’s wallet, prompts for transaction approvals, and silently drains tokens or NFTs—often irreversibly—without requiring private key theft, only malicious signatures. This domain was flagged by 13 out of 95 VirusTotal security vendors, indicating elevated risk and consistent malicious behavior detection across multiple engines. It was registered through Cloudflare, Inc., a commonly abused privacy-protecting registrar that obscures ownership but does not verify legitimacy, and is hosted on IP 172.66.45.29, routed through Cloudflare’s network. It has appeared on 1 confirmed public blocklist and is actively blocked by MetaMask, which prevents users from connecting their wallets directly from suspicious sites. No evidence suggests the site is related to a legitimate ledger or authentication service. Its SSL certificate is issued by Google Trust Services, which only confirms encryption, not legitimacy. If you visited secure-ledger-sso.pages.dev, immediately revoke any wallet connections made via the WalletConnect or injected script links. Use your wallet’s connection management tools (e.g., MetaMask, Rabby) to disconnect unknown or suspicious dApps. Transfer any remaining funds to a fresh wallet and consider using a hardware wallet or cold storage for long-term security. Report the domain to your antivirus software and to the blocklists via URLVoid or PhishTank. Always verify site authenticity through official channels and never connect wallets to unverified or unfamiliar domains, especially those using shortened or deceptive subdomains. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.29 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/81cc9fcb-3415-44ea-9819-5f6cdd0bffab - PhishDestroy: https://phishdestroy.io/domain/secure-ledger-sso.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/secure-ledger-sso.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/secure-ledger-sso.pages.dev/ Last updated: 2026-03-22