# leddggr-com-start.pages.dev — MALICIOUS

> PhishDestroy identifies a fake Ledger wallet phishing site hosted on leddggr-com-start.pages.dev. 15/95 VirusTotal detections signal elevated risk.

## Summary
PhishDestroy identifies an active phishing campaign impersonating Ledger wallets, hosted at leddggr-com-start.pages.dev. This domain leverages a Cloudflare Pages subdomain to deliver a convincing replica of the official Ledger login portal, tricking users into entering their recovery phrases or private keys. The infrastructure resolves to IP 188.114.97.3 and is secured with a Google Trust Services SSL certificate to appear legitimate. Victims who enter credentials risk immediate theft of cryptocurrency assets.

This domain was flagged by 15 of 95 VirusTotal security vendors, indicating elevated risk and limited trust across the security community. Registered through Cloudflare, Inc., the site utilizes a dynamically generated Cloudflare Pages subdomain (pages.dev), which is commonly abused to evade traditional blocklists. The low detection rate combined with the use of a trusted SSL issuer suggests a sophisticated and rapidly evolving campaign aimed at bypassing automated defenses. Users should treat any unsolicited communication referencing Ledger recovery phrases or wallet authentication links with extreme caution.

If you have visited this site and entered any wallet-related credentials or recovery phrases, cease all use of the associated wallet immediately and transfer remaining funds to a newly created, secure wallet using a clean device. Revoke any connected applications or browser permissions tied to the compromised credentials. Report the incident to your wallet provider and consider filing a complaint with relevant cybercrime authorities. Monitor your devices for malware, as phishing pages may drop infostealers like RedLine or Lumma Stealer. Use hardware wallets for long-term storage and never share recovery seeds or private keys via digital channels.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/36882eea-76cc-47d3-b32e-8a3f93b50cf2
- PhishDestroy: https://phishdestroy.io/domain/leddggr-com-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/leddggr-com-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/leddggr-com-start.pages.dev/
Last updated: 2026-03-25