# ledgr--strt.pages.dev — SUSPICIOUS

> ledgr--strt.pages.dev hosts a live cryptocurrency drainer kit. This Google Trust Services certified domain resolves to IP 188.114.97.

## Summary
PhishDestroy identifies ledgr--strt.pages.dev as an active cryptocurrency drainer campaign impersonating a financial ledger or trading start-up. The domain leverages Cloudflare Pages hosting and a Google Trust Services SSL certificate to appear legitimate, luring users to connect wallets and authorize fraudulent token approvals. No specific drainer kit signature has been extracted from this sample yet, but the payload is expected to follow standard JavaScript-based drainer patterns targeting ERC-20 and BEP-20 assets.


Technical indicators confirm this domain as a high-risk asset: VirusTotal shows 0 detections out of 95 scanners, the registrar is Cloudflare, Inc., and the domain resolves to IP 188.114.97.3. The SSL certificate was issued by Google Trust Services, and this domain is currently not listed on Google Safe Browsing. No creation date is publicly available, so domain age cannot be determined at this stage. Current blocklist coverage is zero, placing all visitors in the direct path of the threat.


Status remains active as of seed c56728. Immediate action is required: network defenders should block traffic to 188.114.97.3 and add ledgr--strt.pages.dev to enterprise blocklists. End users should avoid accessing this domain entirely. Remaining risk is classified as under investigation yet substantively high due to zero detections and active hosting. Monitor for wallet connection prompts or unauthorized token approval requests if prior interaction occurred.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5a8c9df7-b97f-471c-ae85-a7d031e50988
- PhishDestroy: https://phishdestroy.io/domain/ledgr--strt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgr--strt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgr--strt.pages.dev/
Last updated: 2026-04-12