# sos-ledgerr.pages.dev — SUSPICIOUS

> PhishDestroy identifies sos-ledgerr.pages.dev as a crypto drainer hosted on Cloudflare with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies sos-ledgerr.pages.dev as an emerging cryptocurrency drainer domain currently under active investigation. This malicious site specifically targets digital asset holders by simulating legitimate blockchain services to facilitate unauthorized fund transfers. The investigation remains ongoing as threat actors continuously evade detection through rapidly changing infrastructure and obfuscation techniques.  sos-ledgerr.pages.dev resolves to IP address 172.66.44.108 and operates under Cloudflare's infrastructure, masking its true origin while leveraging legitimate SSL certificates from Google Trust Services. VirusTotal currently reports 0/95 security detections against this domain, indicating it has not yet been widely flagged by traditional security vendors. The unique seed identifier 'bd1c4a' supports tracking of this campaign across multiple domains using similar tactics. This domain represents a critical threat to cryptocurrency users due to its specialized focus on unauthorized fund extraction through deceptive credential harvesting and transaction manipulation.  Immediate mitigation requires complete avoidance of sos-ledgerr.pages.dev and any domains sharing infrastructure patterns indicated by seed 'bd1c4a'. Users should verify all blockchain-related URLs through official channels before entering credentials or initiating transactions. Implementing browser protections that block known crypto drainer domains and maintaining updated hardware wallets for critical assets provides additional security layers. Report any interactions with this domain to PhishDestroy through official channels for further analysis and potential blacklist propagation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.108

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/sos-ledgerr.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/sos-ledgerr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sos-ledgerr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sos-ledgerr.pages.dev/
Last updated: 2026-04-02