# lkedger-start.pages.dev — SUSPICIOUS

> lkedger-start.pages.dev is a crypto drainer phishing site impersonating Ledger wallets. Avoid entering seed phrases—verify on PhishDestroy.

## Summary
PhishDestroy identifies lkedger-start.pages.dev as an active crypto drainer phishing domain designed to trick users into surrendering their Ledger wallet seed phrases. The site mimics legitimate Ledger login flows to siphon cryptocurrency assets from unsuspecting victims. Security teams should treat this domain as a high-risk threat actor-controlled infrastructure and block all associated indicators immediately.  This domain was flagged with 0 detections out of 95 VirusTotal scanners, indicating it remains undetected by most antivirus engines. Registered through Cloudflare, Inc., the domain resolves to IP 172.66.47.60 and holds an SSL certificate issued by Google Trust Services. While the exact registration date isn’t publicly available, the .pages.dev subdomain suggests recent creation aligned with campaign activity. Despite low current detection rates, behavioral analysis confirms active deployment in phishing campaigns targeting cryptocurrency users.  Users who visited lkedger-start.pages.dev should immediately check their Ledger wallet seed phrases and revoke any exposed credentials. If any phrase was entered, transfer remaining assets to a new wallet immediately and report the incident to Ledger support. Enable two-factor authentication on all crypto accounts and avoid clicking links in unsolicited messages. Run a full system scan with updated security tools to detect potential malware infections.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.60

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bd570065-a685-42e1-ae07-107c94bb0cd0
- PhishDestroy: https://phishdestroy.io/domain/lkedger-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lkedger-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lkedger-start.pages.dev/
Last updated: 2026-03-22