# app-ledger-start.pages.dev — MALICIOUS > PhishDestroy identifies app-ledger-start.pages.dev as a crypto-drainer scam. 15 out of 95 VirusTotal vendors flag this Google-hosted page that lures users to. ## Summary app-ledger-start.pages.dev is a confirmed crypto-draining phishing site that poses a high risk to cryptocurrency users. This fraudulent page is designed to trick visitors into connecting their wallets or entering private keys, allowing attackers to drain funds without consent. Once a user interacts with the page, malware or smart-contract traps silently siphon tokens, stablecoins, or NFTs directly into attacker-controlled wallets. The site masquerades as a legitimate Ledger or wallet-related service, exploiting trust in established crypto infrastructure to deceive even cautious users. Reports indicate multiple victims have already lost significant digital assets after being lured to this domain from social media or fake support sites. PhishDestroy confirms this threat through authoritative sources. Google Safe Browsing lists the domain under SOCIAL_ENGINEERING, indicating active deception. VirusTotal reports 15 out of 95 security vendors flagged the domain as malicious as of the latest scan. The domain is registered through Cloudflare, Inc., and is hosted behind Cloudflare Pages, leveraging Google Trust Services for its SSL/TLS certificate and resolving to IP 188.114.96.3. These technical markers align with common tactics used by crypto drainers to evade detection while maintaining a facade of legitimacy. The domain’s use of Pages.dev suggests an attempt to blend into legitimate developer ecosystems, further obscuring its malicious intent. If you visited app-ledger-start.pages.dev, act immediately to protect your assets. First, disconnect your device from the internet to prevent ongoing data exfiltration. Then, revoke any wallet connections made on the site using your wallet’s security settings or a tool like revoke.cash. Transfer all remaining funds to a newly created, offline wallet if you suspect compromise. Enable multi-factor authentication on all crypto accounts and never re-use seed phrases. Report the domain to Google Safe Browsing and your local cybercrime unit. Stay alert: crypto-drainers evolve quickly, so always verify URLs, avoid clicking links in unsolicited messages, and confirm the authenticity of any site before entering sensitive information. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/app-ledger-start.pages.dev - PhishDestroy: https://phishdestroy.io/domain/app-ledger-start.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/app-ledger-start.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app-ledger-start.pages.dev/ Last updated: 2026-04-02