# nav-leger-com-start-us-en.pages.dev — SUSPICIOUS > nav-leger-com-start-us-en.pages.dev hosts a crypto drainer impersonating Ledger hardware wallets. Verify safety on PhishDestroy before interacting — VT 0/95. ## Summary Domain nav-leger-com-start-us-en.pages.dev has been flagged as a crypto drainer, a specific type of phishing threat designed to steal cryptocurrency from unsuspecting users. PhishDestroy identifies this site as actively distributing malicious scripts that target Ledger wallet users, leveraging deceptive pages to trick victims into connecting their wallets and authorizing unauthorized transactions. The attack method aligns with recent trends in crypto phishing, where attackers abuse legitimate cloud services (like Cloudflare Pages) to host fraudulent domains that mimic official brand pages, such as hardware wallet providers. Given the active status and lack of detections on VirusTotal, this domain poses a high risk to cryptocurrency holders who may encounter it through phishing emails, social media, or malicious ads. PhishDestroy’s investigation reveals that this domain was registered through Cloudflare, Inc., resolving to IP 172.66.44.131 with a Google Trust Services SSL certificate, indicating a deliberate attempt to appear legitimate. The domain currently shows 0 out of 95 detections on VirusTotal, suggesting it has evaded detection by most security vendors. While no explicit creation date is provided in the intelligence data, the use of Cloudflare Pages (a platform often abused for short-lived phishing campaigns) and the active status imply recent deployment. The absence of detections, combined with the domain’s structural similarity to official Ledger pages, increases the likelihood of successful compromise for users who fail to verify its legitimacy. There are no known blocklists or trust score assessments for this domain at this time, further highlighting the need for proactive verification. To mitigate the risk posed by nav-leger-com-start-us-en.pages.dev, users should avoid interacting with this domain entirely. If a hardware wallet browser extension or mobile app is required, users must navigate directly to the official Ledger website (ledger.com) via a verified bookmark or search engine result, ensuring they do not click on links from unsolicited emails, social media posts, or advertisements. For cryptocurrency holders, enabling hardware wallet transaction verification (if supported) and double-checking wallet addresses before authorizing transactions can prevent unauthorized fund transfers. PhishDestroy recommends reporting this domain to relevant authorities, such as Google Safe Browsing or Cloudflare Abuse, to expedite its takedown. Users who have already interacted with this domain should immediately revoke any wallet connections, transfer funds to a cold wallet if possible, and scan their devices for malware using reputable antivirus software. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.131 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/nav-leger-com-start-us-en.pages.dev - PhishDestroy: https://phishdestroy.io/domain/nav-leger-com-start-us-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/nav-leger-com-start-us-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nav-leger-com-start-us-en.pages.dev/ Last updated: 2026-04-11