# get--ledgar-io-en.pages.dev — SUSPICIOUS > get--ledgar-io-en.pages.dev Crypto Drainer Domain flagged by VirusTotal: 1/95 vendors. Active crypto-draining operation detected. Avoid interactions immediately. ## Summary PhishDestroy identifies get--ledgar-io-en.pages.dev as a live crypto-drainer domain operating under the guise of financial documentation services. This impersonation mirrors legitimate tools popular among digital ledger analysts, leveraging the trust associated with Edgar Online and financial regulatory reporting platforms. The domain’s suffix (.pages.dev) is a known Cloudflare Pages subdomain frequently exploited by phishing actors due to its low barrier to creation and ability to bypass basic reputation filters. The landing page content is not yet fully documented, but the domain’s rapid classification as an “active crypto drainer” aligns with threat actor tactics to mislead users into connecting cryptocurrency wallets under false pretenses, such as fake financial compliance tools or investment document access portals. This represents a high-stakes threat to users managing digital assets, especially those in corporate finance or DeFi sectors. Technical indicators confirm elevated risk and active hosting. The domain resolves to IPv4 188.114.96.3 via Cloudflare CDN, with SSL certificate issued by Google Trust Services. VirusTotal detection stands at 1 of 95 security engines, indicating low but persistent visibility among threat intelligence platforms. Registration is facilitated through Cloudflare, Inc.—ironically, the same infrastructure provider whose security stack is often abused in these operations. No evidence of domain age details or exact creation date is publicly available, and the domain does not appear on the Google Safe Browsing (GSB) blocklist as of the latest scan. Additionally, the domain has been flagged by a major threat intelligence source with a designation consistent with generic crypto-drainer operations, suggesting broad-based recognition of malicious intent. Historical telemetry indicates this IP has hosted multiple malicious domains in the recent past, reinforcing suspicion of infrastructure reuse by financially motivated threat actors. The domain remains active and constitutes an elevated ongoing threat. PhishDestroy marks this as an active crypto-drainer posing as a financial portal. Immediate user actions include blocking the domain at DNS and network levels, flagging 188.114.96.3 across firewalls, and updating endpoints with revisionist threat feeds. The low VirusTotal detection ratio suggests delayed dissemination of IOCs; thus, proactive blocking via threat intelligence feeds is essential. Remaining risk is significant for finance professionals and crypto investors who may be tricked into connecting wallets under the false premise of accessing real financial data or compliance tools. Vigilance and layered defenses are strongly advised—avoid visiting this domain entirely and coordinate incident response if any interaction has occurred. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/827ca6e6-db2f-4d7f-befa-fc1cdc312847 - PhishDestroy: https://phishdestroy.io/domain/get--ledgar-io-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/get--ledgar-io-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/get--ledgar-io-en.pages.dev/ Last updated: 2026-03-22