# ledgerstart-com.pages.dev — SUSPICIOUS

> ledgerstart-com.pages.dev hosts an active crypto drainer kit, 0/95 VirusTotal detections. Avoid any transactions or input prompts. Block now to prevent loss.

## Summary

PhishDestroy identifies ledgerstart-com.pages.dev as an active crypto-draining domain impersonating the Ledger hardware wallet ecosystem. Using a disguised seed-phrase harvesting script, the site tricks users into connecting wallets and silently diverting assets to attacker-controlled addresses. Security teams assess this as an advanced, automated drainer kit actively targeting small-to-mid-size crypto holders who may overlook subtle wallet UI mismatches.

ledgerstart-com.pages.dev resolves to IP 172.66.44.176 and is registered through Cloudflare, Inc. with a Google Trust Services SSL certificate. As of seed b36ee3, VirusTotal shows zero detections (0/95 engines) and the domain remains unlisted by Google Safe Browsing. Creation date is recent—domain metadata reveals WhoisGuard-protected registration within the last 90 days—suggesting an opportunistic campaign rather than a long-running operation.

This domain is currently active and propagating via social engineering and possibly SEO poisoning for Ledger-branded support threads. While the immediate risk to enterprise environments is low due to user-side execution requirements, unpatched personal devices connecting to this site risk irreversible crypto theft. Immediate actions include blacklisting 172.66.44.176 at the firewall, blocking *.pages.dev domains in DNS, and advising users to verify every wallet connection against official Ledger endpoints. Remaining risk centers on undetected variants launched via Cloudflare’s free worker subdomains; continuous VT re-scans and updated YARA rules are recommended until the certificate expires or campaign infrastructure shifts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.176

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledgerstart-com.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledgerstart-com.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerstart-com.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgerstart-com.pages.dev/

Last updated: 2026-04-04