# leger-com-start-us-intro-e5k.pages.dev — SUSPICIOUS

> leger-com-start-us-intro-e5k.pages.dev is an active crypto drainer impersonating Ledger's intro portal. 0/95 VirusTotal detections as of seed 584e62.

## Summary
PhishDestroy identifies leger-com-start-us-intro-e5k.pages.dev as an active crypto drainer impersonating Ledger’s introductory portal, designed to trick users into connecting wallets and draining funds. This domain mimics the legitimate Ledger onboarding flow, leveraging a trusted Cloudflare Pages subdomain to appear authentic while hosting malicious JavaScript payloads. Visitors should assume any request for wallet connections or seed phrase entry is an attack vector.  

This domain was flagged by PhishDestroy seed 584e62 under active investigation for generic phishing. The site uses a Google Trust Services SSL certificate, resolves to IP 172.66.47.25, and remains undetected on VirusTotal with 0/95 detections as of the latest scan. It was registered through Cloudflare, Inc. and deployed as a Pages.dev subdomain, a common tactic used by threat actors to host spoofed onboarding portals. The lack of detections suggests this campaign is newly launched or employing evasion techniques.  

If you visited leger-com-start-us-intro-e5k.pages.dev, immediately disconnect your wallet, revoke any connected permissions via your wallet’s settings, and scan your device with updated antivirus software. Do not interact further with the site. Report the domain to PhishDestroy using seed 584e62 and warn others in your network. Always verify Ledger’s official domains (e.g., ledger.com) via a trusted search engine before proceeding with any onboarding steps.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.25

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/leger-com-start-us-intro-e5k.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/leger-com-start-us-intro-e5k.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/leger-com-start-us-intro-e5k.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/leger-com-start-us-intro-e5k.pages.dev/
Last updated: 2026-04-04