# support-ldger-usa.pages.dev — MALICIOUS

> support-ldger-usa.pages.dev is a crypto drainer impersonating Ledger. 11/95 VirusTotal vendors flag this domain. Avoid clicking suspicious links.

## Summary

PhishDestroy identifies support-ldger-usa.pages.dev as an active crypto-draining phishing domain designed to steal cryptocurrency from victims by impersonating Ledger, a major hardware wallet brand. The page uses a fraudulent support guise to trick users into connecting their wallets and signing malicious transactions that drain funds. No custom drainer kit fingerprint has been publicly documented, but behavioral analysis indicates the use of EVM-compatible transaction signing prompts and clipboard manipulation typical of generic drainer scripts hosted on Cloudflare Pages. The domain does not appear to be tied to a known exploit kit but leverages social engineering against Ledger users under the pretext of account recovery or device support.

Technical indicators confirm elevated risk: the domain scored 11/95 detections on VirusTotal as of the latest scan, with flagging vendors including Kaspersky and SentinelOne. It was registered via Cloudflare, Inc., resolving to IP 188.114.97.3. The domain uses a Google Trust Services SSL certificate and is served through Cloudflare Pages, a common tactic to obscure origin and evade takedown. The SSL certificate chain is valid, and the domain has not been flagged by Google Safe Browsing (GSB) at this time. No blocklist participation data is publicly available via standard APIs, suggesting either recent activation or limited global exposure.

This domain remains active as of the latest intelligence cycle. Immediate response includes network-level blocking of the domain and IP, user advisories to avoid visiting the link, and customer warnings from wallet providers (especially Ledger).
Remaining risk is elevated due to the use of legitimate hosting infrastructure (Cloudflare Pages and Google Trust Services), which increases evasion potential. Users interacting with this domain risk irreversible cryptocurrency loss via fraudulent transaction signing. No evidence of takedown has been observed; continued monitoring is essential.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b818836a-95f6-4b08-8867-d597b8777b9f
- PhishDestroy: https://phishdestroy.io/domain/support-ldger-usa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/support-ldger-usa.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/support-ldger-usa.pages.dev/

Last updated: 2026-03-22