# info-ldgr-wlt.pages.dev — SUSPICIOUS

> info-ldgr-wlt.pages.dev is a verified crypto wallet drainer phishing domain. Flagged by just 1/95 security tools, it resolved to IP 188.114.96.3.

## Summary
PhishDestroy identifies info-ldgr-wlt.pages.dev as an active crypto wallet drainer phishing domain leveraging Google's Pages.dev infrastructure (SSL via Google Trust Services) to impersonate a legitimate ledger wallet service page. This domain was flagged on October 12, 2023, and employs a generic phishing lure targeting users with misleading “ledger wallet” branding, attempting to exfiltrate private keys or seed phrases. The threat actor uses Cloudflare as the registrar and DNS provider, with infrastructure hosted on Google Cloud, making takedown more complex due to leveraged reputable services.  info-ldgr-wlt.pages.dev resolves to IP address 188.114.96.3 and is associated with SSL certificate issued by Google Trust Services. VirusTotal currently shows a detection rate of 1 out of 95 security vendors, indicating low visibility in automated scanning systems. The domain was registered through Cloudflare, Inc. and is deployed on Pages.dev, a legitimate platform by Google, which is frequently abused in phishing campaigns for its free tier and rapid deployment capabilities. Google Safe Browsing (GSB) has not yet flagged this domain, and it remains absent from major threat intelligence blocklists.  As of the latest scan, the domain remains active with an elevated risk level. Immediate user action includes avoiding interaction, blocking the domain at network level, and reporting to browser security teams or threat intelligence platforms. While takedown timelines are uncertain due to the use of legitimate hosting and CDN services, users can mitigate risk by enabling hardware wallet confirmation for all transactions and never entering wallet details into unverified sites. The combination of low detection coverage and high-impact phishing objective results in a persistent but manageable threat, particularly to users unfamiliar with wallet drainer tactics. Regular updates to blocklists and user education on wallet security remain critical.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7b88b0af-c5cf-4cf0-a284-c3bf6fde7584
- PhishDestroy: https://phishdestroy.io/domain/info-ldgr-wlt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/info-ldgr-wlt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/info-ldgr-wlt.pages.dev/
Last updated: 2026-04-01