# ldger-us-io.pages.dev — SUSPICIOUS

> PhishDestroy identifies ldger-us-io.pages.dev hosting a crypto drainer kit impersonating Ledger. Verify URLs before clicking: PhishDestroy.com

## Summary

PhishDestroy analysts have identified ldger-us-io.pages.dev as an active crypto drainer infrastructure leveraging Cloudflare Pages to impersonate Ledger hardware wallets. The domain leverages a spoofed interface mimicking legitimate Ledger Live UI elements, instructing victims to connect hardware wallets to extract private keys and drain cryptocurrency holdings. This drainer kit is designed to bypass browser security warnings by operating within Cloudflare's Pages platform, which provides HTTPS encryption via Google Trust Services certificates, enhancing its deceptive authenticity.

Technical indicators reveal this domain remains undetected by security vendors, with VirusTotal showing 0/95 detections at the time of analysis. The domain resolves to IP address 172.66.47.107, a Cloudflare-operated server located in the United States. Registered through Cloudflare, Inc., the domain employs Google Trust Services SSL certificates to mask malicious intent under legitimate encryption protocols. Current WHOIS data indicates recent creation, though exact registration date remains obscured due to Cloudflare's privacy protections.

This domain is currently active and under investigation by PhishDestroy's anti-phishing unit. Immediate response actions include domain takedown requests to Cloudflare and coordination with Ledger's threat intelligence team to block associated cryptocurrency addresses. Despite Cloudflare's rapid response protocols, the domain's evasion tactics pose a persistent risk to cryptocurrency users. Users are strongly advised to verify URLs via PhishDestroy's verification tool before entering sensitive credentials or connecting hardware wallets.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.107

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ce1b0fde-fdff-41c3-9380-5fa9b3570dab
- PhishDestroy: https://phishdestroy.io/domain/ldger-us-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldger-us-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ldger-us-io.pages.dev/

Last updated: 2026-03-24