# en-us-apps-ledger.pages.dev — MALICIOUS

> PhishDestroy flags crypto-draining site en-us-apps-ledger.pages.dev. 13/95 vendors flagged it. Check the full report.

## Summary

PhishDestroy identifies a live cryptocurrency-draining campaign centered on the lookalike domain en-us-apps-ledger.pages.dev. This rogue page masquerades as a Ledger wallet interface and is engineered to surreptitiously steal private keys or seed phrases, then drain victim wallets of digital assets in seconds. The site leverages a deceptive Cloudflare Pages deployment path and a Google Trust Services SSL certificate to appear legitimate at first glance, increasing the risk of successful social-engineering attacks against both novice and experienced crypto users. With 13 of 95 VirusTotal security vendors already flagging the domain and the underlying IP address 188.114.97.3, the threat level remains elevated as the campaign remains active and continues to circulate through spam, phishing emails and social-media impersonation tactics. Users who interact with the page risk irreversible financial loss without immediate intervention.

This domain was flagged by PhishDestroy on receipt of telemetry showing the elevated crypto-drainer risk. VirusTotal analysis confirms 13 out of 95 participating engines now detect the domain as malicious, signaling broad but not yet universal coverage. The site resolves to IP 188.114.97.3 and is served via Cloudflare Pages, a hosting choice that conceals the true origin while providing free SSL termination courtesy of Google Trust Services. The seed for this campaign is f79cc9, linking it to a known family of Ledger impersonation phishing kits that have been active since early 2024.

If you visited en-us-apps-ledger.pages.dev you may have already exposed wallet credentials or private keys. Immediately revoke any session tokens or API keys that were entered on the page and move remaining funds to a newly created wallet with a fresh seed phrase. Scan your device with an up-to-date antivirus suite to check for infostealers, and consider rotating all passwords used on the same browser profile. Report the domain to your wallet provider and file an incident with local cybercrime units using the unique seed f79cc9 for cross-reference. Stay alert for follow-up spear-phishing attempts leveraging the same campaign signature.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/56130c26-4894-4032-a1c4-a8ece954d8f1
- PhishDestroy: https://phishdestroy.io/domain/en-us-apps-ledger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-apps-ledger.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-us-apps-ledger.pages.dev/

Last updated: 2026-03-22