# homepage-en--ledgr--us.pages.dev — SUSPICIOUS

> PhishDestroy identifies homepage-en--ledgr--us.pages.dev as a crypto drainer impersonating Ledger. VirusTotal shows 0/95 detections.

## Summary
Domain homepage-en--ledgr--us.pages.dev was flagged by PhishDestroy as an active crypto drainer impersonating the Ledger hardware wallet brand. The site leverages a Cloudflare Pages subdomain to host a fraudulent interface designed to deceive users into connecting their crypto wallets, enabling unauthorized asset transfers. No known drainer kit signatures were observed in public sandboxes, suggesting a newly deployed or obfuscated deployment strategy.  

This domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, a tactic commonly used to bypass traditional browser warnings. At the time of analysis, VirusTotal reported 0 detections out of 95 engines, indicating a low current signature coverage. The domain remains unlisted on Google Safe Browsing (GSB) and has not yet propagated to major threat intelligence blocklists. WHOIS data shows a recent creation date, consistent with the rapid deployment of phishing infrastructure to evade detection.  

The domain remains active and under investigation, with no active takedown in place as of analysis completion. Users are advised to avoid interaction with this domain and to report any exposure to their security teams or wallet providers immediately. Remaining risk is high due to the absence of signature-based detection and the use of legitimate CDN infrastructure. Proactive monitoring and heuristic analysis are recommended to prevent asset loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d44186fe-a04e-4135-81c9-8ab65dba770d
- PhishDestroy: https://phishdestroy.io/domain/homepage-en--ledgr--us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/homepage-en--ledgr--us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/homepage-en--ledgr--us.pages.dev/
Last updated: 2026-03-22