# io-en-ledgrs.pages.dev — SUSPICIOUS

> io-en-ledgrs.pages.dev hosts a fake Ledger wallet phishing scam. This Cloudflare-hosted site (IP 188.114.96.3) steals crypto—block it now.

## Summary
PhishDestroy identifies io-en-ledgrs.pages.dev as an active generic phishing domain posing as a Ledger wallet recovery portal. The threat type is a cryptocurrency wallet phishing scam, designed to deceive users into entering their seed phrases or private keys. With a current risk level classified as under_investigation, this domain remains active and has not yet been flagged by most antivirus engines, showing 0 out of 95 detections on VirusTotal at the time of analysis.  This domain was flagged through Cloudflare’s Pages.dev platform, resolving to IP 188.114.96.3, and leverages a Google Trust Services SSL certificate to appear legitimate. Registered under Cloudflare, Inc., the domain uses a generic naming pattern that mimics official Ledger services, likely deployed to exploit users searching for wallet recovery tools. Despite its recent appearance and low detection rate, the absence of inclusion on major blocklists suggests it is still in early operational phases. The combination of a trusted hosting provider, valid SSL certificate, and low detection profile increases its potential to evade casual scrutiny by end users.  To mitigate exposure to this phishing threat, users should avoid interacting with io-en-ledgrs.pages.dev entirely. If access occurred, immediately check for unauthorized transactions or wallet access. Use hardware wallets like Ledger devices only through official channels (ledger.com), never via third-party domains. Report the domain to your antivirus vendor, browser blocklists, and PhishDestroy’s database using seed 8c745f to aid collective defense. Enable multi-factor authentication and monitor wallet activity for suspicious behavior.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/db987e67-b45f-4374-8acf-599cc01dc1ed
- PhishDestroy: https://phishdestroy.io/domain/io-en-ledgrs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-en-ledgrs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-en-ledgrs.pages.dev/
Last updated: 2026-04-12