# ledgerr-com-star.pages.dev — SUSPICIOUS

> ledgerr-com-star.pages.dev is a crypto drainer site impersonating Ledger with 0/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies ledgerr-com-star.pages.dev as an active crypto drainer site currently under investigation. This subdomain is designed to mimic Ledger, a well-known cryptocurrency hardware wallet brand, and employs drainer kit tactics to siphon funds from unsuspecting users. The domain leverages Cloudflare's infrastructure to host malicious content, with a focus on deceptive replication of legitimate Ledger services. Further analysis is required to determine the exact drainer kit in use, but preliminary indicators suggest a social engineering campaign targeting cryptocurrency holders.

Technical indicators reveal concerning metrics: the domain has zero detections on VirusTotal (0/95), uses a Google Trust Services SSL certificate for added legitimacy, is registered through Cloudflare, Inc., and resolves to IP 172.66.46.238. While the creation date remains unverified, the active status and lack of detections suggest a recently deployed threat actor resource. The domain has not yet been flagged by Google Safe Browsing (GSB), and no blocklist counts are publicly available as of the latest scan. This combination of stealth hosting and zero detections makes it a challenging threat to mitigate without advanced detection mechanisms.

Current status for ledgerr-com-star.pages.dev is active, with the crypto drainer site remaining operational and unflagged at the time of reporting. No immediate response actions have been implemented by major security vendors due to the low detection score, but this may change as further intelligence emerges. The remaining risk is high for cryptocurrency users, particularly those unfamiliar with identifying fraudulent Ledger domains.

Immediate recommendations include avoiding interactions with the domain, blocking the IP 172.66.46.238 at the network level, and reporting the domain to security vendors and Ledger’s official support channels. Users are urged to verify URLs through official Ledger channels and enable multi-factor authentication on all cryptocurrency-related accounts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.238

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9df09084-9225-47a0-948d-f13d00eceb6e
- PhishDestroy: https://phishdestroy.io/domain/ledgerr-com-star.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerr-com-star.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgerr-com-star.pages.dev/

Last updated: 2026-03-29