# ledger-com-app-start-azf.pages.dev — SUSPICIOUS

> ledger-com-app-start-azf.pages.dev impersonates Ledger brand to steal crypto; hosted on Cloudflare with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies the domain ledger-com-app-start-azf.pages.dev as an active Ledger brand impersonation scam currently under investigation by the cybersecurity community. This domain resolves to IP 172.66.44.130 and leverages a Google Trust Services SSL certificate to appear legitimate, while operating on Cloudflare Pages to evade traditional takedown measures. The threat actor has configured the site to mimic Ledger’s official application interface, tricking users into entering sensitive recovery phrases or private keys under the guise of a security update or account verification.  This domain was flagged with zero detections across 95 VirusTotal engines, highlighting its ability to bypass automated scanners at the time of analysis. Registered through Cloudflare, Inc., the site exploits the Pages.dev subdomain service to rapidly deploy phishing kits while maintaining operational stealth. Technical indicators reveal the infrastructure is hosted on a shared CDN node (172.66.44.130), which is commonly leveraged to obscure malicious hosting origins. Given the absence of current blocklist coverage and the domain’s active status, the risk of user exposure remains elevated.  Users who visited ledger-com-app-start-azf.pages.dev should immediately cease interaction and assume potential credential compromise. Ledger users are advised to revoke any entered recovery phrases or private keys via the official Ledger Live application or hardware device interface. Scan all connected devices for malware using reputable antivirus tools and enable two-factor authentication on all crypto accounts. Report the domain to Ledger’s official phishing reporting channels and local cybercrime units. Organizations should block this domain at the firewall and DNS level to prevent further access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.130

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2c6e7b75-3556-41cb-91cb-bc2f02814c8c
- PhishDestroy: https://phishdestroy.io/domain/ledger-com-app-start-azf.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-com-app-start-azf.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-com-app-start-azf.pages.dev/
Last updated: 2026-03-22