# learn-en-ledgr-faq.pages.dev — SUSPICIOUS

> This Cloudflare-hosted domain (learn-en-ledgr-faq.pages.dev) is a currently active fake FAQ phishing page with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies learn-en-ledgr-faq.pages.dev as a live phishing domain masquerading as a legitimate FAQ page to harvest credentials or sensitive data. The threat actor leverages Cloudflare Pages for hosting while concealing behind a Google Trust Services SSL certificate, creating a false sense of legitimacy. This domain resolves to IP 188.114.96.3, which has been associated with similar low-profile phishing operations.

Analysis reveals this domain remains undetected by security vendors, with VirusTotal showing 0/95 engines flagging it as malicious. The domain was registered through Cloudflare, Inc., a common choice for threat actors seeking anonymity and evasion. While the exact creation date isn't specified in available intelligence, its active status and zero detections indicate a recently deployed campaign. Users are urged to treat this domain as hostile due to its potential to deceive victims into divulging personal or corporate information under the guise of technical support or documentation.

If you accessed learn-en-ledgr-faq.pages.dev, cease all interaction immediately and disconnect from any systems where credentials may have been entered. Scan for malware using updated tools and reset passwords for accounts that could have been exposed. Report the domain to your security team or through platforms like PhishDestroy or Google Safe Browsing to aid in takedown efforts. Avoid clicking any links or downloading files from this domain, as additional payloads or secondary infections may occur. Monitor network traffic for connections to 188.114.96.3 or similar IPs.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/learn-en-ledgr-faq.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/learn-en-ledgr-faq.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/learn-en-ledgr-faq.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/learn-en-ledgr-faq.pages.dev/
Last updated: 2026-04-03