# us-en-ldger.pages.dev — SUSPICIOUS > PhishDestroy identifies us-en-ldger.pages.dev as a Ledger phishing site hosted on Cloudflare with 0/95 VirusTotal detections. Avoid entering credentials here. ## Summary PhishDestroy identifies us-en-ldger.pages.dev as a fraudulent Ledger login page actively impersonating the legitimate cryptocurrency wallet provider. This generic phishing domain is designed to harvest user credentials under the guise of a 'US English Ledger' login portal, tricking victims into surrendering sensitive wallet recovery phrases or API keys. The threat actor leverages Cloudflare Pages to rapidly deploy the spoofed login interface, while Google Trust Services SSL certificates add superficial legitimacy to the fraudulent page. Analysis of the infrastructure reveals the domain resolves to IP 188.114.97.3, where it remains undetected by 95 VirusTotal scanners as of the latest scan, indicating a low barrier to entry for deployment and evasion of traditional detection mechanisms. This domain was flagged under seed 96094c with an under-investigation risk level, despite being actively hosted on Cloudflare, Inc.’s infrastructure. The absence of detections on VirusTotal (0/95) highlights the stealthy nature of this campaign, which relies on newly registered domains and trusted service providers to bypass security filters. While the exact registration date remains unverified, the domain’s current configuration—paired with Google Trust Services SSL—demonstrates a deliberate effort to appear authentic. Security researchers note that such tactics are common in phishing campaigns targeting cryptocurrency users, where urgency and trust in established brands are exploited to maximize victim engagement. Users who have interacted with us-en-ldger.pages.dev should immediately cease any input of credentials or sensitive data and revoke any permissions granted to the site. If login details were entered, users must change their Ledger account password and enable two-factor authentication if not already active. Review all active sessions and connected applications via the official Ledger dashboard, and monitor cryptocurrency wallets for unauthorized transactions. Report the domain to PhishDestroy and local cybersecurity authorities to aid in global takedown efforts. Organizations are advised to block this domain at the network level and update endpoint detection rules to flag similar Cloudflare-hosted phishing pages. Maintain vigilance for follow-on phishing attempts using variations of this domain or themed decoys related to cryptocurrency services. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/83b64077-ec95-4c68-9c29-2264977f4522 - PhishDestroy: https://phishdestroy.io/domain/us-en-ldger.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/us-en-ldger.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/us-en-ldger.pages.dev/ Last updated: 2026-04-13