# public-ledgr-login.pages.dev — MALICIOUS > PhishDestroy flags public-ledgr-login.pages.dev as a credential theft phishing site. 13/95 VirusTotal vendors detected this crypto wallet drainer. ## Summary PhishDestroy identifies public-ledgr-login.pages.dev as an active credential theft phishing domain posing as a public ledger login portal. This site is engineered to harvest cryptocurrency wallet credentials and seed phrases under the guise of a legitimate service update or security check. The high-risk classification reflects the imminent danger to user assets and the confirmed malicious infrastructure supporting the operation. This domain was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category and carries a 13/95 detection ratio on VirusTotal, indicating significant but not universal recognition by security vendors. It resolves to IP address 188.114.97.3, which is associated with Cloudflare’s edge network, complicating direct takedown via hosting provider. The domain uses a Google Trust Services SSL certificate to enhance authenticity, while being registered through Cloudflare, Inc., a common tactic among threat actors to obscure true ownership and evade abuse enforcement. The domain’s *.pages.dev subdomain under Cloudflare Pages suggests rapid deployment and potential use in bulk phishing campaigns targeting cryptocurrency users. Immediate mitigation is required: users should avoid visiting public-ledgr-login.pages.dev entirely. If credentials were entered, assume compromise and transfer remaining funds to a new wallet using only official software from verified sources. Report the domain to your wallet provider and file an incident with CipherTrace or Chainalysis if funds are at risk. Block the domain at DNS and network levels using threat intelligence feeds that include this indicator. Cloudflare users should report the domain via Cloudflare’s abuse portal with full URL and evidence of credential theft. Always verify URLs via official channels and use hardware wallets or multisig setups to reduce exposure to single-point credential theft. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/42f9c620-9a7a-4b29-bf91-94125987bc64 - PhishDestroy: https://phishdestroy.io/domain/public-ledgr-login.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/public-ledgr-login.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/public-ledgr-login.pages.dev/ Last updated: 2026-03-22