# start--en-ledgrcom.pages.dev — SUSPICIOUS > PhishDestroy identifies start--en-ledgrcom.pages.dev as a fake Ledger login phishing site resolving to 188.114.96.3 with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies start--en-ledgrcom.pages.dev as an active phishing domain impersonating Ledger, a popular cryptocurrency hardware wallet provider. This domain was flagged under a generic phishing campaign designed to steal user credentials by mimicking the official Ledger login portal. Victims who enter their email or password on this fraudulent page risk immediate account compromise, unauthorized access to cryptocurrency funds, and potential exposure of personally identifiable information. This domain was flagged on VirusTotal with zero detections out of 95 antivirus engines as of the latest scan, indicating it remains undetected by most security platforms. The domain resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., leveraging Google Trust Services for an SSL certificate to appear legitimate. The use of Cloudflare Pages (pages.dev) allows threat actors to rapidly deploy and modify phishing infrastructure while concealing their true origin, making detection and takedown more difficult. If you visited start--en-ledgrcom.pages.dev, assume your credentials may have been compromised. Immediately change your Ledger account password using the official website at ledger.com, enable two-factor authentication, and review your account activity for unauthorized transactions. If you reused the same password elsewhere, change it immediately on all accounts. Report the domain to your email provider and Ledger support. Avoid clicking links in unsolicited emails or messages, and always verify URLs by typing them manually or using trusted bookmarks. Use browser extensions like uBlock Origin or PhishDestroy to block known malicious domains proactively. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0deaaee6-bd90-486f-8ee4-cab90f1e2cfa - PhishDestroy: https://phishdestroy.io/domain/start--en-ledgrcom.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/start--en-ledgrcom.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/start--en-ledgrcom.pages.dev/ Last updated: 2026-04-12