# ledgorcmstart.wixstudio.com — SUSPICIOUS

> ledgorcmstart.wixstudio.com impersonates a login portal and drains crypto wallets — 0/95 VirusTotal detections — scan with PhishDestroy before use

## Summary

PhishDestroy identifies ledgorcmstart.wixstudio.com as an active, generic phishing domain hosting a crypto-asset drainer kit designed to siphon funds from unwitting wallet holders. The domain masquerades as a legitimate service landing page, leveraging the WixStudio platform to lend superficial credibility while concealing malicious JavaScript payloads that monitor clipboard activity and prompt fraudulent transaction approvals. There is no direct brand impersonation implied by the available indicators, indicating this threat actor is likely targeting crypto users indiscriminately rather than a specific institution or platform.

This domain resolves to IP 34.144.206.118 and is secured with a Let's Encrypt SSL certificate, giving it the appearance of legitimacy. According to VirusTotal scanning as of seed 783712, the site currently shows 0 detections out of 95 engines — a status that highlights its ability to evade traditional AV coverage, at least at the time of analysis. The domain is registered through an unidentified registrar (cloud hosting suggests possible bulletproof or fast-flux hosting), and while creation date is not provided in available intelligence, it is currently active and hosting malicious content. It has not been flagged by Google Safe Browsing (GSB) and is not listed on any major public blocklists at this time, posing a latent threat to users who may encounter it via unsolicited links or malicious ads.

As of seed 783712, ledgorcmstart.wixstudio.com remains active and poses a significant risk to users who access or interact with the site, particularly through wallet-connect prompts or transaction signing requests.

Immediate response actions should include blocking the domain and IP at network and endpoint levels, revoking any potentially compromised SSL certificates, and updating user awareness to avoid interaction. Remaining risk is elevated due to the low detection rate and lack of widespread blocklisting. Users are strongly advised to verify this domain using PhishDestroy prior to any interaction and to treat unsolicited redirects to ledgorcmstart.wixstudio.com as potentially hostile.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/40e1a613-19cd-435a-9fda-5aad03b717e0
- PhishDestroy: https://phishdestroy.io/domain/ledgorcmstart.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/ledgorcmstart.wixstudio.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgorcmstart.wixstudio.com/

Last updated: 2026-04-11