# lexger--login.pages.dev — MALICIOUS > High-risk lexger--login.pages.dev mimics Ledger for crypto drainer credential theft, flagged by 7/95 VirusTotal engines. Block this active scam immediately. ## Summary The domain lexger--login.pages.dev has been confirmed as an active Ledger brand impersonation site designed for credential theft and potential cryptocurrency draining. PhishDestroy identifies this infrastructure as an elevated-threat campaign targeting users through deceptive login portals that closely replicate legitimate Ledger authentication pages. The threat type is specifically classified as brand impersonation, leveraging forged UI elements to trick visitors into entering sensitive credentials or crypto wallet details. This domain is not merely a generic phishing lure—it is engineered to harvest authentication tokens and private keys under the guise of a trusted hardware wallet brand. This domain exhibits multiple technical indicators of malicious intent. According to threat intelligence analysis, it resolves to IP address 188.114.97.3 and is hosted via Cloudflare, Inc. with a Google Trust Services SSL certificate. VirusTotal analysis confirms detection by 7 out of 95 security vendors, indicating significant but not universal recognition of its malicious nature. While the domain's Cloudflare-hosted Pages.dev subdomain structure suggests recent deployment, the use of a legitimate certificate authority highlights an attempt to appear trustworthy at first glance. The combination of brand impersonation, active hosting, and partial detection rate underscores a sophisticated and evolving threat vector targeting cryptocurrency users. Given the specific threat type—brand impersonation with potential for credential theft and crypto asset compromise—users must treat this domain as hostile and abstain from any interaction. Ledger users should be especially cautious, as this campaign may harvest login credentials or seed phrases under the pretense of account verification or firmware updates. To mitigate risk, immediately block access to lexger--login.pages.dev at the network and DNS levels. Users who may have entered credentials or wallet information on this domain are advised to revoke associated API keys, reset passwords, and transfer funds from connected wallets to new, isolated addresses. Report the domain to your security provider and Ledger’s official fraud reporting channels to aid in broader takedown efforts. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 7 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/163b745a-a035-48b0-94e3-d7a5ba90ef9b - PhishDestroy: https://phishdestroy.io/domain/lexger--login.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/lexger--login.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lexger--login.pages.dev/ Last updated: 2026-03-29