# ldger-wllt.pages.dev — SUSPICIOUS

> This Cloudflare-hosted site ldger-wllt.pages.dev actively mimics the Ledger brand. Impersonation confirmed by SOC teams.

## Summary
PhishDestroy identifies ldger-wllt.pages.dev as a live domain actively engaged in Ledger brand impersonation, which poses a significant risk to cryptocurrency users. The site's use of Google Trust Services SSL certificates and Cloudflare infrastructure adds a veneer of legitimacy, increasing the likelihood of successful deception among less cautious users. Given its current evasion of detection systems with zero detections on VirusTotal, this domain warrants immediate attention from security teams and vigilance from potential targets.

This domain was flagged with zero detections on VirusTotal out of 95 engines tested, resolving to IP address 188.114.96.3. The domain is registered through Cloudflare, Inc., leveraging Google Trust Services for SSL certificates — a combination often used to bypass traditional security filters. The suspicious site specifically impersonates the Ledger cryptocurrency wallet brand, which has become a prime target for threat actors due to the high value and sensitive nature of digital assets managed through such platforms.

Mitigation requires immediate domain blocking at network and endpoint levels, with SOC teams updating firewall rules to drop all traffic to 188.114.96.3. Users must verify all wallet-related URLs through official channels before entering sensitive information. Organizations should alert cryptocurrency users within their environment to this impersonation campaign, emphasizing the importance of manual URL verification. Additionally, threat hunting activities should search for similar domains leveraging Google Trust Services certificates and Cloudflare infrastructure to preemptively block emerging variants.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ldger-wllt.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ldger-wllt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldger-wllt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ldger-wllt.pages.dev/
Last updated: 2026-04-02