# io-start-ledgger.pages.dev — SUSPICIOUS

> io-start-ledgger.pages.dev operates a crypto drainer posing as a Ledger wallet setup, flagged by 0 of 95 VirusTotal vendors. Avoid all wallet prompts.

## Summary
PhishDestroy identifies io-start-ledgger.pages.dev as an active crypto drainer impersonating Ledger wallet services. The domain is currently under investigation and has been flagged with a generic phishing threat type by security researchers. No further brand-specific impersonation details have been confirmed at this time.  

This domain was flagged by 0 of 95 VirusTotal vendors and remains undetected despite suspicious characteristics. It resolves to IP 188.114.97.3, is registered through Cloudflare, Inc., and holds an SSL certificate issued by Google Trust Services. The page is hosted on Cloudflare Pages, a legitimate platform often abused by threat actors to deploy phishing and malware campaigns. While the domain itself is newly observed and lacks historical blocklist data, its use of a crypto drainer mechanism targeting cryptocurrency users presents a significant financial risk. The absence of detections suggests either recent deployment or evasion tactics by the operator.  

As of the latest assessment, io-start-ledgger.pages.dev remains active and poses a high risk to cryptocurrency users who may be prompted to connect wallets or enter seed phrases. Users are strongly advised to avoid clicking any links or interacting with wallet connection prompts originating from this domain. Verify all wallet-related URLs through official Ledger channels and use hardware wallet security features to prevent unauthorized transactions. If exposure has occurred, immediately revoke any connected permissions via your wallet interface and transfer remaining assets to a secure, offline wallet. Monitor transaction activity closely and report any suspicious transfers to relevant authorities or wallet providers. Exercise heightened scrutiny when receiving unsolicited wallet setup or recovery links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8912c470-4ada-4749-b86a-4b2660a30959
- PhishDestroy: https://phishdestroy.io/domain/io-start-ledgger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-start-ledgger.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-start-ledgger.pages.dev/
Last updated: 2026-03-23