# ledggerr-com-start.pages.dev — SUSPICIOUS

> Ledgerr-com-start.pages.dev is a crypto wallet phishing site with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies ledgerr-com-start.pages.dev as an active cryptocurrency wallet phishing domain designed to harvest login credentials under the guise of a Ledger service page. The site is classified as a generic phishing threat with an under investigation risk level, indicating potential for significant user compromise. This domain mimics official Ledger pages to deceive visitors into entering sensitive wallet recovery phrases or private keys, which are immediately exfiltrated to attacker-controlled servers. The threat is currently undetected by 95 VirusTotal scanners, highlighting the need for immediate user awareness and proactive blocking measures.  This domain was flagged by PhishDestroy after resolving to IP address 188.114.96.3, which is hosted on Cloudflare Pages infrastructure under Google Trust Services SSL certificates. The domain remains unlisted on all major blocklists as of the latest analysis, with no detections recorded across VirusTotal’s security vendor network. The page is registered through Cloudflare, Inc., a common choice for threat actors seeking bulletproof hosting due to its privacy protections and robust infrastructure. The use of Google Trust Services for SSL certificates adds a superficial layer of legitimacy, potentially tricking security-conscious users into trusting the domain. Despite its current undetected status, the domain’s active status and phishing payload deployment pose a clear and present danger to cryptocurrency users.  Mitigation for this threat requires immediate action from both users and network defenders. Users should verify any Ledger-related communication by visiting the official ledger.com domain directly and never through unsolicited links. Organizations should block the domain ledgerr-com-start.pages.dev at the DNS and firewall levels using threat intelligence feeds, and inspect outbound traffic for connections to 188.114.96.3. Security teams should also audit logs for any HTTP POST requests to suspicious domains, particularly those requesting wallet recovery phrases or private keys. Given the 0/95 detection rate, this campaign represents an emerging threat that may escalate rapidly—prompt blocking and user education are critical to prevent credential theft and financial loss. PhishDestroy recommends treating this domain as hostile until further evidence confirms its takedown or remediation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/aac09571-8086-43f0-ad1c-909b85b3bc11
- PhishDestroy: https://phishdestroy.io/domain/ledggerr-com-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledggerr-com-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledggerr-com-start.pages.dev/
Last updated: 2026-03-22