# home-page-en-ledgr--us.pages.dev — SUSPICIOUS > home-page-en-ledgr--us.pages.dev is a fraudulent login page claiming to be a crypto wallet service. This site poses as a legitimate portal but is designed to. ## Summary PhishDestroy identifies home-page-en-ledgr--us.pages.dev as an active fraudulent login portal designed to harvest user credentials under the guise of a legitimate service. This domain employs a generic phishing kit targeting unsuspecting users by mimicking a login interface for a popular cryptocurrency-related service. No specific brand or drainer kit attribution was detected during analysis, suggesting a broad, opportunistic campaign rather than a targeted brand impersonation. The threat actor leverages Cloudflare Pages to host the phishing content, exploiting the platform’s free tier to evade traditional takedown mechanisms. This domain resolves to IP address 172.66.47.182 and is registered through Cloudflare, Inc., which also provides its SSL certificate via Google Trust Services. Intelligence gathered from VirusTotal indicates that only 1 out of 95 security vendors flagged the domain as malicious, highlighting the stealthy nature of this threat. The domain was flagged with a generic phishing classification, and its low detection rate underscores the effectiveness of Cloudflare’s hosting in bypassing automated defenses. The SSL certificate adds a veneer of legitimacy, tricking users into believing the site is secure, while the low VirusTotal score suggests a need for improved proactive detection mechanisms. As of the latest assessment, home-page-en-ledgr--us.pages.dev remains active and poses an elevated risk to users who may encounter the link through phishing emails, social media, or deceptive advertisements. Immediate response actions include blocking the domain at the network and endpoint levels, as well as submitting the URL to threat intelligence platforms for further dissemination. However, due to the use of legitimate hosting services and SSL certificates, traditional takedown efforts may face delays. Users are strongly advised to verify the legitimacy of any login portal, avoid entering sensitive information, and report suspicious domains to their security teams or trusted threat intelligence sources. The remaining risk is elevated due to the domain’s active status and the potential for continued exploitation in future campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.182 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3365cbb2-2419-45d4-ac1d-b41e7841eb71 - PhishDestroy: https://phishdestroy.io/domain/home-page-en-ledgr--us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/home-page-en-ledgr--us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/home-page-en-ledgr--us.pages.dev/ Last updated: 2026-03-22