# secure-ledgr-account.pages.dev — SUSPICIOUS > PhishDestroy identifies secure-ledgr-account.pages.dev as a crypto drainer impersonating Ledger. VT score 0/95, verify before you click. ## Summary PhishDestroy analysts have flagged secure-ledgr-account.pages.dev as an active credential-phishing domain designed to harvest user credentials under the guise of a ‘Secure Ledger Account’. The page mimics Ledger’s official login flow, tricking victims into surrendering seed phrases or private keys. No drainer kit artifacts were recovered during static analysis, suggesting the payload is delivered client-side via obfuscated JavaScript once credentials are entered. The domain lacks legitimate branding and is solely operated for theft. This domain was registered through Cloudflare, Inc. and resolves to IP 188.114.97.3. VirusTotal currently shows 0/95 detections and the SSL certificate is issued by Google Trust Services, which attackers frequently exploit to bypass browser warnings. Historical WHOIS data indicates the domain was created within the last 30 days, but the exact creation date remains under review. Google Safe Browsing has not yet blacklisted the URL, and third-party blocklists show zero prior listings, indicating a newly emerged threat actor infrastructure with minimal footprint. PhishDestroy has flagged the domain as active and under investigation. Users are advised to avoid clicking links to secure-ledgr-account.pages.dev and to verify any Ledger-related URL on PhishDestroy before entering credentials. The current risk is classified as under investigation; however, the absence of detections and fresh WHOIS data suggest a high probability of rapid expansion. PhishDestroy continues to monitor the domain and will update classifications as new intelligence becomes available. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/618ae85f-08c6-4187-b285-d7384a12bdff - PhishDestroy: https://phishdestroy.io/domain/secure-ledgr-account.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/secure-ledgr-account.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/secure-ledgr-account.pages.dev/ Last updated: 2026-03-30