# app-ledgercom-start.pages.dev — SUSPICIOUS > PhishDestroy identifies app-ledgercom-start.pages.dev as a Ledger impersonation site with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies app-ledgercom-start.pages.dev as a high-risk brand impersonation domain impersonating the cryptocurrency wallet provider Ledger. This domain poses an immediate threat to users through deceptive replication of Ledger's branding, likely aimed at harvesting sensitive credentials or cryptocurrency assets under the guise of a legitimate service. The site's use of Cloudflare's Pages.dev subdomain service and Google Trust Services SSL certificate further enhances its credibility, making it a sophisticated trap for unsuspecting victims. Given its active status and unresolved investigations, this domain should be treated as a primary threat vector for brand exploitation attacks. This domain was flagged with 0 detections out of 95 VirusTotal scans, indicating it has evaded automated detection systems despite its malicious intent. It resolves to IP address 172.66.47.193, a Cloudflare-hosted address commonly abused by threat actors for phishing and impersonation campaigns. The domain is registered through Cloudflare, Inc., leveraging the company's Pages.dev platform to create a facade of legitimacy. The SSL certificate is issued by Google Trust Services, which, while valid, is often exploited by threat actors to lend false authenticity to fraudulent sites. These technical indicators collectively underscore the domain's sophisticated design to deceive both users and automated security tools. Mitigation against this specific threat requires immediate action from both users and security teams. Users should refrain from interacting with app-ledgercom-start.pages.dev or any subdomains resembling Ledger's official domains, such as ledger.com or ledger-live.com. Organizations should block this domain at the network level using DNS filtering solutions and update firewall rules to prevent access. Additionally, security teams should monitor for similar domains registered through Cloudflare's Pages.dev service, as these are frequently abused for brand impersonation. Reporting this domain to Ledger's abuse team and platforms like PhishDestroy can expedite its takedown, reducing the window of opportunity for threat actors to exploit unsuspecting victims. Proactive user education on identifying brand impersonation tactics is also critical to mitigating the broader risk posed by such domains. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.193 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/da7e51ec-bc7f-4a43-9580-4c406c566338 - PhishDestroy: https://phishdestroy.io/domain/app-ledgercom-start.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/app-ledgercom-start.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app-ledgercom-start.pages.dev/ Last updated: 2026-03-29