# learrn-ledgr-log.pages.dev — SUSPICIOUS > PhishDestroy identifies learrn-ledgr-log.pages.dev as a fake Ledger login phishing page — 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies learrn-ledgr-log.pages.dev as an active fake Ledger login phishing page under investigation. This domain poses a significant risk due to its deceptive resemblance to legitimate Ledger services, potentially compromising user credentials and cryptocurrency assets. This domain was flagged with zero detections out of 95 VirusTotal engines, indicating it has evaded initial detection mechanisms. It resolves to IP 172.66.47.25, leverages a Google Trust Services SSL certificate for credibility, and is registered through Cloudflare, Inc. The infrastructure’s reliance on Cloudflare’s reputable services highlights the sophistication of the threat actor’s attempt to bypass traditional defenses. Despite its current lack of blocklist presence, the domain’s recent activation and alignment with known phishing tactics warrant heightened scrutiny. The SSL certificate, issued by Google Trust Services, further complicates detection efforts, as it may lull users into a false sense of security by presenting a seemingly legitimate connection. Mitigating risks associated with this phishing domain requires immediate user awareness and proactive defensive measures. Users should verify the legitimacy of any Ledger-related login pages by cross-checking URLs against the official domain (ledger.com) and enabling two-factor authentication (2FA) to add an extra layer of security. Organizations are advised to implement DNS-based filtering solutions to block access to learrn-ledgr-log.pages.dev and similar deceptive domains. Additionally, security teams should update threat intelligence feeds with this domain’s indicators of compromise (IOCs), including the IP address and SSL certificate thumbprint, to enhance network monitoring capabilities. Continuous monitoring for user reports of credential compromise or unauthorized transactions is critical to mitigate potential fallout from this phishing campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.25 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/22e4c850-044f-42d2-903d-177ebe5b9d72 - PhishDestroy: https://phishdestroy.io/domain/learrn-ledgr-log.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/learrn-ledgr-log.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/learrn-ledgr-log.pages.dev/ Last updated: 2026-03-26