# nav-ledgerr-start-io.pages.dev — SUSPICIOUS

> nav-ledgerr-start-io.pages.dev is a crypto drainer scam hosted on Cloudflare Pages. It resolves to IP 188.114.96.

## Summary
nav-ledgerr-start-io.pages.dev has been flagged as an active crypto drainer under investigation. This domain poses a high risk to cryptocurrency users by disguising itself as a legitimate wallet service to siphon digital assets. The site leverages Cloudflare Pages for hosting, which provides anonymity and CDN-based obfuscation, making it harder to trace or block. The domain resolves to IP 188.114.96.3, which is associated with known malicious infrastructure used for phishing and fraudulent activities.  This domain was registered through Cloudflare, Inc. and currently shows 0/95 detections on VirusTotal, indicating it has evaded immediate detection by antivirus engines. It operates under a Google Trust Services SSL certificate, which adds a false layer of legitimacy to trick users into trusting the site. The domain is hosted on Cloudflare Pages, a service often abused by threat actors to deploy malicious content quickly and with minimal overhead. No historical blocklist data is publicly available yet, but the combination of low detection rates, cloud hosting, and cryptocurrency-related deception suggests active malicious intent.  To mitigate the threat posed by nav-ledgerr-start-io.pages.dev, users should avoid interacting with the domain entirely. If you have previously connected a wallet to this site, revoke all permissions immediately using your wallet's security settings or a trusted revocation tool like revoke.cash or unrekt.net. Never input private keys, seed phrases, or connect wallets to unfamiliar or unsolicited links. Report the domain to your antivirus provider, browser security teams, and cryptocurrency platforms to help block future access. Cloudflare abuse channels should also be notified to expedite takedown efforts. Always verify URLs manually and use hardware wallets for high-value transactions to reduce exposure to drainer scripts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/36a8905c-ea90-49d8-9da7-12447e45499b
- PhishDestroy: https://phishdestroy.io/domain/nav-ledgerr-start-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/nav-ledgerr-start-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nav-ledgerr-start-io.pages.dev/
Last updated: 2026-03-30