# ledger-com-help-esz.pages.dev — SUSPICIOUS

> ledger-com-help-esz.pages.dev identified as a Ledger brand impersonation site, 0/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies ledger-com-help-esz.pages.dev as an active brand impersonation campaign targeting Ledger cryptocurrency wallet users. The domain leverages visual deception and fraudulent SSL certificates to mimic official Ledger support channels, creating a high-risk phishing ecosystem designed to harvest seed phrases and private keys from unsuspecting victims. Threat actors employ Cloudflare infrastructure to obscure hosting origins while Google Trust Services provides SSL legitimacy, amplifying social engineering effectiveness through perceived authenticity.

This domain exhibits a threat profile marked by multiple concerning technical indicators. VirusTotal analysis reports 0 detections out of 95 scanning engines as of initial assessment, indicating a novel threat bypassing conventional detection layers. The domain resolves to IP address 188.114.97.3, with Cloudflare, Inc. serving as the registered entity under verifiable WHOIS records. Google Safe Browsing (GSB) currently maintains no classification for this URL, while no public blocklists show inclusion. The page utilizes the `*.pages.dev` subdomain under Cloudflare Pages, a dynamic hosting environment frequently exploited for ephemeral phishing operations.

Current status places this domain under active investigation as PhishDestroy performs behavioral analysis to determine drainer kit deployment and exfiltration endpoints. No takedown actions have been initiated by hosting providers at this time, maintaining operational availability for threat intelligence collection. Remaining risk assessment identifies medium propagation potential due to SSL legitimacy and Ledger’s prominence in cryptocurrency security infrastructure.

Users are advised to verify all support URLs through official channels, implement browser extension-based domain verification tools, and report suspicious endpoints to Ledger’s phishing reporting channels. Security teams should implement IP-based blocking for 188.114.97.3 while monitoring for similar Cloudflare Pages deployments.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledger-com-help-esz.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledger-com-help-esz.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-com-help-esz.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-com-help-esz.pages.dev/

Last updated: 2026-04-04