# learn--ledgr-log.pages.dev — SUSPICIOUS

> learn--ledgr-log.pages.dev mimics Ledger login to steal crypto. This Google-hosted phishing page went undetected with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies the active phishing domain learn--ledgr-log.pages.dev impersonating the legitimate Ledger login portal to harvest cryptocurrency credentials and seed phrases. This generic phishing strain employs URL typosquatting and a Google Trust Services SSL certificate to appear authentic, luring victims into entering sensitive wallet information under the guise of a security update. No drainer kit artifacts have been publicly disclosed as of this report, but the campaign’s targeting of Ledger users suggests a likely on-chain fund exfiltration mechanism.  This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal score 0/95 detections as of 54804a, registered through Cloudflare on an IP block allocated to Cloudflare at 188.114.96.3, and secured with a Google Trust Services SSL certificate. The domain resolves to Cloudflare’s edge network and remains under investigation with zero blocklist entries recorded across major threat intelligence platforms.  As of this analysis the domain remains active and is not yet flagged by Safe Browsing or other major blocklists. Users should immediately avoid interacting with learn--ledgr-log.pages.dev and instead access Ledger services only via the official ledger.com domain. Chrome users can enable Enhanced Safe Browsing to receive real-time protection, while wallet holders are advised to revoke any exposed API keys and move remaining funds to hardware wallets with updated firmware. The remaining risk is elevated due to the undetected status and Google-hosted infrastructure, necessitating ongoing monitoring and proactive user education.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d16f0bea-1985-48ae-9475-ec9b59ffaf73
- PhishDestroy: https://phishdestroy.io/domain/learn--ledgr-log.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/learn--ledgr-log.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/learn--ledgr-log.pages.dev/
Last updated: 2026-03-26