# get-ledgar-io--en.pages.dev — SUSPICIOUS

> Check if get-ledgar-io--en.pages.dev is a phishing page stealing credentials. VT score 0/95, hosted on 172.66.44.176. Check the full report.

## Summary

PhishDestroy identifies get-ledgar-io--en.pages.dev as a credential theft page deployed under an active phishing campaign targeting unsuspecting users. The domain mimics the branding of 'Ledgar'—a legitimate entity—to deceive victims into entering sensitive login credentials. This page is part of a drainer kit designed to harvest credentials and session tokens, likely for subsequent account takeovers or financial fraud. The campaign leverages Cloudflare Pages to host the phishing content, ensuring rapid deployment and evasion of basic detection mechanisms. Threat actors are actively rotating infrastructure to maintain operational resilience, making this a high-priority threat for immediate mitigation.

This domain resolves to IP address 172.66.44.176 and is registered through Cloudflare, Inc., with a VirusTotal detection score of 0/95 as of the latest scan. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy to the phishing page. The domain was created recently and remains unflagged by Google Safe Browsing (GSB) and other major blocklists, indicating a window of opportunity for the threat actors to operate undetected. The infrastructure’s reliance on Cloudflare’s Pages service complicates takedown efforts, as Cloudflare often prioritizes uptime over immediate content removal unless presented with conclusive evidence of malicious intent.

As of the latest assessment, get-ledgar-io--en.pages.dev remains active with a status of 'under_investigation.' PhishDestroy has flagged this domain for its role in credential theft and is coordinating with hosting providers and security vendors to expedite takedown. Users are advised to avoid interacting with this domain and report any suspicious activity immediately. The remaining risk is classified as high due to the unflagged status, lack of GSB detection, and the domain’s reliance on trusted services to host malicious content. Immediate action is required to prevent further victimization.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.176

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9d3abee2-db43-4b52-a6e5-650a8fa346a7
- PhishDestroy: https://phishdestroy.io/domain/get-ledgar-io--en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/get-ledgar-io--en.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/get-ledgar-io--en.pages.dev/

Last updated: 2026-03-22