# start--ledgrecom--edge.pages.dev — SUSPICIOUS

> start--ledgrecom--edge.pages.dev distributing generic phishing pages. 0/95 detections on VirusTotal. Check the full report.

## Summary

PhishDestroy identifies start--ledgrecom--edge.pages.dev as an active generic phishing domain currently under investigation by security teams. This site masquerades as a legitimate service to harvest user credentials and sensitive data, posing a clear threat to unwary visitors. The domain remains unblocked in most feeds despite its malicious nature, requiring immediate attention from SOC teams and end-users alike. The risk level is classified as under_investigation, but early indicators suggest this threat is both active and evolving in sophistication, warranting elevated scrutiny during incident response workflows.

This domain was flagged after resolving to IP address 188.114.97.3 and registering through Cloudflare, Inc., leveraging Google Trust Services for SSL encryption to enhance credibility. According to VirusTotal, the domain currently shows 0 detections out of 95 security engines, indicating it has not yet been widely recognized by automated defenses. While no formal creation date is publicly available, the domain’s configuration suggests recent deployment aimed at exploiting trust in well-known infrastructure. As of now, this domain remains absent from major threat intelligence blocklists and reputation databases, further complicating early detection efforts.

To mitigate exposure to this phishing domain, security teams should implement DNS-level blocking using the IP address 188.114.97.3 and domain name start--ledgrecom--edge.pages.dev in firewalls and secure web gateways. Users should avoid accessing the site and report any accidental visits to their SOC for analysis. Additionally, organizations are advised to inspect SSL certificates for anomalies and validate traffic patterns involving Cloudflare Workers domains, as this infrastructure is increasingly abused in phishing campaigns. Continuous monitoring for new subdomains or variations is strongly recommended to prevent lateral movement within compromised networks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/27d32697-bd99-406d-b603-464cc2d7f282
- PhishDestroy: https://phishdestroy.io/domain/start--ledgrecom--edge.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start--ledgrecom--edge.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/start--ledgrecom--edge.pages.dev/

Last updated: 2026-04-12