# welcome-ldgr-guide.pages.dev — SUSPICIOUS

> PhishDestroy identifies welcome-ldgr-guide.pages.dev as a live crypto drainer impersonating Ledger wallets. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy identifies the domain welcome-ldgr-guide.pages.dev as an active cryptocurrency drainer impersonating Ledger hardware wallets. The page leverages a spoofed Ledger interface to trick users into connecting wallets and signing malicious transactions that drain funds directly. No custom drainer kit has been isolated in available samples, suggesting the use of an off-the-shelf deployment script or a lightweight JavaScript-based wallet interceptor. Given the domain’s hosting on Google Pages and registrar via Cloudflare, threat actors are exploiting reputable infrastructure to evade initial detection.  

This domain resolves to IP 188.114.97.3 via Cloudflare and uses a valid SSL certificate issued by Google Trust Services. VirusTotal currently reports 0/95 threat detection engines flagging the domain as malicious. The domain was registered through Cloudflare, Inc., and hosted on Google Pages, indicating a deliberate choice of trusted providers to enhance credibility and reduce early suspicion. The Google Safe Browsing (GSB) status remains unflagged as of the latest scan, and no public blocklist entries have been observed. While the technical footprint is minimal, the combination of legitimate infrastructure and active campaign status suggests an ongoing, low-profile operation targeting crypto users.  

The campaign is presently active, with no confirmed takedown or mitigation in place. Users accessing this link are at immediate risk of asset loss if they interact with the spoofed Ledger interface. PhishDestroy recommends blocking the domain at DNS and network levels, reporting to Google Safe Browsing and Cloudflare Abuse, and warning Ledger users to verify URLs via official channels. Remaining risk is assessed as HIGH due to active deployment and lack of signatures, requiring rapid response to prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fe2909d2-96ff-429e-80e0-0ab12bf21689
- PhishDestroy: https://phishdestroy.io/domain/welcome-ldgr-guide.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/welcome-ldgr-guide.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/welcome-ldgr-guide.pages.dev/
Last updated: 2026-03-25