# first-ledgrstart.pages.dev — SUSPICIOUS > first-ledgrstart.pages.dev mimics Ledger Startup to steal crypto wallet credentials. Zero VirusTotal detections despite active phishing. ## Summary PhishDestroy identifies first-ledgrstart.pages.dev as a confirmed cryptocurrency wallet phishing site targeting users pretending to be a new Ledger startup. The domain lures victims with fake hardware wallet promotions, aiming to harvest private keys, seed phrases, and login credentials through spoofed login portals. Once credentials are captured, attackers drain crypto funds from victim wallets within hours. This is an active and evolving threat designed to exploit trust in established brands like Ledger through social engineering and domain spoofing. This domain was flagged through behavioral threat analysis and exhibits multiple red flags. VirusTotal currently shows 0/95 detections, indicating it has not yet been widely blacklisted despite active phishing operations. It is registered through Cloudflare, Inc., which is commonly abused for privacy and fast domain cycling. The site resolves to IP 188.114.97.3, hosted on Google Trust Services infrastructure, further complicating takedown efforts. The use of Cloudflare Pages (pages.dev) allows rapid deployment and evasion of traditional domain-based blocking. If you visited first-ledgrstart.pages.dev, immediately disconnect from the internet, run a malware scan using reputable antivirus software, and revoke any permissions granted to the site. Do not enter wallet recovery phrases, private keys, or login credentials on any page linked from this domain. Change passwords only after confirming no keyloggers or browser extensions were installed. Report the domain to your antivirus provider and block it at the network level. Monitor all cryptocurrency wallets and financial accounts for unauthorized transactions for at least 30 days. Consider using hardware wallet isolation and transaction alerts to prevent fund loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b5a6a5bc-efa2-4f66-a974-1e0cac867b99 - PhishDestroy: https://phishdestroy.io/domain/first-ledgrstart.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/first-ledgrstart.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/first-ledgrstart.pages.dev/ Last updated: 2026-04-12