# ledger-portal-us.pages.dev — SUSPICIOUS

> ledger-portal-us.pages.dev is a crypto draining phishing site flagged by 1 of 95 VirusTotal vendors. It mimics Ledger's official portal to steal cryptocurrency.

## Summary
PhishDestroy identifies ledger-portal-us.pages.dev as an active crypto draining phishing domain impersonating Ledger's official web portal. This domain poses an elevated risk due to its use of crypto drainer malware designed to intercept and divert cryptocurrency transactions to attacker-controlled wallets. The threat actor leverages deceptive domain naming (pages.dev) and Cloudflare infrastructure to lend false legitimacy to the fraudulent site, increasing the likelihood of successful user deception and financial theft.  This domain was flagged by 1 of 95 VirusTotal security vendors at the time of analysis. It resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate to appear trustworthy. The combination of low detection rates, use of reputable infrastructure providers, and SSL encryption creates a dangerous attack surface for cryptocurrency users seeking legitimate Ledger services. The domain's structure (pages.dev subdomain) mimics legitimate development environments, potentially tricking users into believing they are accessing a secure, beta, or staging portal for Ledger services.  ledger-portal-us.pages.dev remains active and poses a concrete threat to cryptocurrency holders. Users should immediately cease all interaction with this domain and verify any Ledger-related communications through the official ledger.com domain or verified Ledger support channels. If you have entered wallet credentials or private keys on this site, transfer remaining assets to a newly generated wallet immediately and revoke any wallet approvals made through this fraudulent interface. Block this domain at your network perimeter and report it to relevant abuse teams including Google Trust Services, Cloudflare, and cryptocurrency platform security teams. Maintain heightened scrutiny for similar deceptive domains leveraging Cloudflare Pages services or mimicking legitimate cryptocurrency wallet interfaces.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/de091621-11b3-4065-9416-121824f33d22
- PhishDestroy: https://phishdestroy.io/domain/ledger-portal-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-portal-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-portal-us.pages.dev/
Last updated: 2026-03-30