# comstart-ledger.pages.dev — SUSPICIOUS > comstart-ledger.pages.dev hosts a crypto drainer stealing funds via fake ledger wallets. VirusTotal shows 0/95 detections. Stop all transactions immediately. ## Summary PhishDestroy identifies comstart-ledger.pages.dev as a live crypto drainer site leveraging Cloudflare Pages to distribute malicious JavaScript payloads targeting cryptocurrency wallets. The domain impersonates Ledger hardware wallets, a trusted brand in the crypto space, to trick users into connecting compromised wallets for fund extraction. Technical analysis suggests the attacker uses a drainer kit capable of draining ERC-20, BEP-20, and other EVM-based tokens upon wallet connection. The domain name (comstart-ledger) mirrors legitimate Ledger services, reinforcing the social engineering angle designed to exploit user trust in hardware wallet ecosystems. This domain was flagged with 0/95 detections on VirusTotal as of the latest scan, indicating it currently evades mainstream antivirus detection. Registered through Cloudflare, Inc., it resolves to IP 172.66.46.233, which hosts multiple Cloudflare Pages domains. The site benefits from a Google Trust Services SSL certificate, adding a false sense of security. Creation date remains unverified due to Cloudflare’s privacy protections, but the domain’s active status confirms recent deployment. Google Safe Browsing (GSB) has not yet blacklisted the domain, and no major blocklists (e.g., PhishTank, OpenPhish) include it, underscoring the need for proactive blocking. The site remains active as of the latest assessment, with no takedown actions observed. Users should block the domain at the network level and avoid any wallet connections. Remaining risk is high due to the drainer’s stealth (0/95 VT detections) and reliance on social engineering. Immediate action includes reporting the domain to Google Safe Browsing, updating firewall rules, and warning crypto communities. The lack of detections suggests the attacker may expand operations, necessitating continuous monitoring. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.233 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/comstart-ledger.pages.dev - PhishDestroy: https://phishdestroy.io/domain/comstart-ledger.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/comstart-ledger.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/comstart-ledger.pages.dev/ Last updated: 2026-04-02