# upport-ledger-co-us.pages.dev — SUSPICIOUS > upport-ledger-co-us.pages.dev is a crypto drainer phishing domain with 2/95 VirusTotal detections. Block this malicious page to protect digital assets from. ## Summary PhishDestroy identifies upport-ledger-co-us.pages.dev as an active crypto drainer domain leveraging a deceptive Ledger-like facade to trick users into connecting cryptocurrency wallets. This fraudulent site impersonates the legitimate Ledger platform, a leading hardware wallet manufacturer, aiming to harvest private keys or initiate unauthorized blockchain transactions. The threat actor employs a sophisticated drainer kit that silently drains connected wallets once users authorize malicious smart contract interactions, posing significant financial risk to cryptocurrency holders. This campaign represents a growing trend in targeted wallet drainers that combine brand impersonation with evasive hosting infrastructure to evade detection. This domain presents multiple technical red flags confirmed during forensic analysis. It resolves to IP address 172.66.47.98 and is registered through Cloudflare, Inc., which provides both performance optimization and anonymity benefits to threat actors. VirusTotal analysis reveals minimal detection coverage with only 2 out of 95 security vendors identifying the threat as malicious. The domain utilizes a Google Trust Services SSL certificate, which adds a veneer of legitimacy to the fraudulent site. While specific creation date information remains unverified, the domain's active status and recent detection strongly suggest recent registration designed to exploit temporary hosting environments. As of current analysis, upport-ledger-co-us.pages.dev maintains active status with elevated risk potential. Immediate containment measures include network-level blocking of the associated IP address and domain, as well as updating threat intelligence feeds with this indicator. Users should exercise extreme caution when encountering Ledger-related communications, verify all URLs through official channels, and avoid connecting wallets to suspicious websites. The remaining risk stems from the domain's use of legitimate cloud infrastructure (Cloudflare, Google Trust Services) which can prolong its operational window. Continuous monitoring and proactive blocking at DNS/ISP levels are recommended to prevent successful exploitation of cryptocurrency holdings. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.98 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8e9cfad6-833f-4f5a-af36-e0fd80678187 - PhishDestroy: https://phishdestroy.io/domain/upport-ledger-co-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/upport-ledger-co-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/upport-ledger-co-us.pages.dev/ Last updated: 2026-03-22