# faq-ledgrcom.pages.dev — SUSPICIOUS > faq-ledgrcom.pages.dev is a Ledger phishing site with 2/95 VirusTotal detections. This active scam mimics crypto wallet support to steal credentials. ## Summary PhishDestroy identifies faq-ledgrcom.pages.dev as an active Ledger phishing domain designed to deceive users into surrendering cryptocurrency wallet credentials under the guise of technical support. This fraudulent site mirrors legitimate Ledger FAQ domains while hosting malicious content on a Cloudflare Pages subdomain, leveraging Google Trust Services SSL certificates to appear authentic. The domain resolves to IP 188.114.97.3 and has been confirmed by 2 out of 95 VirusTotal security vendors as malicious, indicating a persistent but narrowly detected threat vector. This domain was flagged through Cloudflare’s registrar with a Google Trust Services SSL certificate and shows minimal detection coverage despite active phishing operations. VirusTotal analysis confirms detection by only 2/95 security vendors, while blocklist aggregators have recorded multiple user reports of credential theft attempts. The subdomain structure (pages.dev) is commonly abused by threat actors to host spoofed support pages that bypass traditional domain-based filtering. Technical indicators include the IP 188.114.97.3, which has been linked to prior phishing campaigns targeting financial services users. Users who visited faq-ledgrcom.pages.dev should immediately check their Ledger wallet for unauthorized transactions and revoke any exposed API keys or seed phrases. Disconnect any connected devices and run a malware scan on your system using reputable antivirus software. Report the domain to your wallet provider and consider transferring remaining funds to a new, secure wallet if credentials were entered. Monitor financial accounts for suspicious activity and enable two-factor authentication where available. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0c978be2-000a-4d2c-98cc-9aff64fa56a8 - PhishDestroy: https://phishdestroy.io/domain/faq-ledgrcom.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/faq-ledgrcom.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/faq-ledgrcom.pages.dev/ Last updated: 2026-03-22