# hub-ledre-en.pages.dev — SUSPICIOUS

> hub-ledre-en.pages.dev domain active as a credential theft phishing site impersonating Ledger wallet services. Currently flagged by 0 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies the active domain 'hub-ledre-en.pages.dev' as a credential theft phishing campaign impersonating Ledger hardware wallet services. The infrastructure is currently active and under investigation for malicious operations targeting cryptocurrency users.


The domain hub-ledre-en.pages.dev is registered through Cloudflare, Inc., resolving to IP address 172.66.44.75. As of the latest assessment, the site has not been flagged by any of the 95 VirusTotal vendors and utilizes an SSL certificate issued by Google Trust Services. The domain is hosted on Cloudflare Pages, a platform often abused for short-lived phishing campaigns. The infrastructure shows no immediate blocklist presence, though trust indicators remain low due to the absence of detections and the impersonation of a high-risk target—Leger wallet users. The seed identifier 'c8d6b0' confirms this as a unique campaign variant.


This domain is assessed as ACTIVE and poses a HIGH RISK to users attempting to access Ledger wallet services or related cryptocurrency interfaces. Given the lack of detection coverage and the immediate threat to financial assets, organizations and individual users are advised to block the domain at the network and DNS levels. Additionally, users who may have interacted with this domain should immediately revoke any entered credentials, enable two-factor authentication on all crypto-related accounts, and monitor for unauthorized transactions. Security teams should flag this indicator in SIEM and EDR solutions as a confirmed credential theft site.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.75

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dea8d580-cb04-415b-8ba7-ff71e9cb044a
- PhishDestroy: https://phishdestroy.io/domain/hub-ledre-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hub-ledre-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hub-ledre-en.pages.dev/
Last updated: 2026-04-12