# ledger-com-us-start-boi.pages.dev — MALICIOUS

> ledger-com-us-start-boi.pages.dev impersonates Ledger brand to deploy a crypto drainer kit. Resolves to 188.114.97.3, flagged by 10/95 VirusTotal scanners.

## Summary

PhishDestroy identifies ledger-com-us-start-boi.pages.dev as an active brand impersonation domain designed to mimic Ledger’s official platform. This domain leverages a crypto drainer kit to trick users into authorizing malicious transactions, posing a direct threat to cryptocurrency holders. The domain’s structure—ledger-com-us-start-boi.pages.dev—exploits Ledger’s brand recognition to deceive visitors into interacting with the threat actor’s infrastructure.

This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating a high detection rate among industry tools. It was registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3. The domain utilizes a Google Trust Services SSL certificate, adding a false layer of legitimacy. While the exact creation date is not provided in the available data, the domain’s active status and associated infrastructure suggest recent deployment. Additionally, the domain has been included in security blocklists, further validating its malicious nature.

As of the latest analysis, ledger-com-us-start-boi.pages.dev remains active and poses an elevated risk to users. Immediate action should be taken to block this domain at the network and endpoint levels. Users are advised to avoid interacting with this domain or any associated links. Organizations should update firewall rules, DNS blocklists, and endpoint detection mechanisms to prevent access. Remaining risk is mitigated through proactive threat hunting and continuous monitoring of this infrastructure. However, given the domain’s active status and the drainer kit’s capabilities, the potential for further attacks remains a concern.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/903a544f-8dc9-41ef-b428-d6336170394a
- PhishDestroy: https://phishdestroy.io/domain/ledger-com-us-start-boi.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-com-us-start-boi.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-com-us-start-boi.pages.dev/

Last updated: 2026-03-22