# us-leger-io.pages.dev — SUSPICIOUS > PhishDestroy identifies us-leger-io.pages.dev as a fake Leger.io phishing site stealing crypto. Resolves to IP 188.114.97.3. Avoid entering private keys. ## Summary PhishDestroy identifies us-leger-io.pages.dev as an active cryptocurrency phishing domain posing as Leger.io, with a threat level currently under investigation. This domain mimics the legitimate Leger.io hardware wallet service to deceive users into entering private keys or seed phrases, enabling cryptocurrency theft. The site has not yet been flagged by VirusTotal despite 0/95 detections, indicating a low profile and potential for rapid expansion in phishing campaigns. Resolving to IP address 188.114.97.3, this domain is hosted on Cloudflare infrastructure and secured with a Google Trust Services SSL certificate, which may lend it an air of legitimacy to unsuspecting visitors. This domain was flagged with a risk level of 'under_investigation' and a threat type of 'generic_phishing.' VirusTotal currently shows 0/95 detections, suggesting it has evaded immediate detection by major antivirus engines. The domain is registered through Cloudflare, Inc., and resolves to IP 188.114.97.3, which is associated with dynamic hosting environments often exploited by threat actors. The SSL certificate, issued by Google Trust Services, adds a layer of perceived trustworthiness, potentially luring users into a false sense of security. The domain is hosted on Cloudflare Pages, a legitimate service that has been abused to host malicious content due to its ease of deployment and global CDN capabilities. While no blocklist mentions were found in the available data, the lack of detections on VirusTotal and the domain's recent deployment suggest a high likelihood of escalation in phishing activities targeting cryptocurrency users. To mitigate the risk posed by us-leger-io.pages.dev, users should avoid interacting with the domain entirely, as it is designed to impersonate Leger.io and steal sensitive cryptocurrency wallet information. If you have visited this domain and entered any private keys, seed phrases, or wallet credentials, immediately transfer your assets to a new, secure wallet and revoke any permissions granted to the compromised wallet. Use hardware wallets or official software from verified sources, and verify website URLs carefully—legitimate Leger.io domains include leger.com and ledger.com. Report the domain to your antivirus provider, browser security teams, and relevant cryptocurrency security forums (e.g., CryptoScamDB) to aid in its takedown. Enable multi-factor authentication (MFA) on all cryptocurrency accounts and use dedicated, isolated devices for wallet management to reduce exposure to phishing attacks. Monitor your transaction history and wallet addresses for unauthorized activity, as attackers may attempt to drain funds immediately after obtaining credentials. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8e5dd2d0-03a6-4880-851e-3d2bed539ae6 - PhishDestroy: https://phishdestroy.io/domain/us-leger-io.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/us-leger-io.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/us-leger-io.pages.dev/ Last updated: 2026-03-29