# start--ledgecom--io.pages.dev — SUSPICIOUS > start--ledgecom--io.pages.dev is a crypto drainer phishing site flagged by 0 of 95 VirusTotal vendors. Verify this domain on PhishDestroy before interacting. ## Summary PhishDestroy identifies start--ledgecom--io.pages.dev as an active crypto drainer phishing domain under investigation with a status marked as active. This domain is designed to trick users into connecting cryptocurrency wallets under the guise of fake investment or transaction platforms. The threat involves unauthorized fund drains from connected wallets, posing significant financial risk to victims. No specific brand impersonation has been confirmed at this stage, but the domain structure suggests a broader campaign targeting crypto enthusiasts. The investigation remains ongoing as analysts assess the full scope of malicious activity associated with this infrastructure. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a low detection rate despite its malicious intent. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.96.3 and is secured with a Google Trust Services SSL certificate. The IP address is known to host multiple suspicious domains, often linked to cryptocurrency scams and drainer scripts. While the creation date of the domain is not explicitly provided, the use of Cloudflare’s Pages.dev subdomain suggests a recent deployment, typical of opportunistic threat actors leveraging free tiers of reputable services. The absence of blocklist entries and low VirusTotal detection underscores the stealthy nature of this campaign, relying on delayed recognition to maximize victim engagement. The current status of start--ledgecom--io.pages.dev remains active, with ongoing monitoring by threat intelligence teams. Given the domain’s association with crypto drainer activity, users are strongly advised to avoid interacting with this domain or any linked pages. PhishDestroy recommends verifying the legitimacy of any crypto-related website by cross-referencing the domain against known blocklists and using wallet protection tools to monitor unauthorized transactions. Additionally, users should report this domain to PhishDestroy and relevant cybersecurity platforms to aid in its takedown. For real-time protection, enabling wallet transaction alerts and using hardware wallets with additional security layers can mitigate the risk of fund drains. Threat actors frequently rotate domains and infrastructure, so continuous vigilance is essential to avoid falling victim to similar campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b258cb4c-2207-4cf8-a729-5484e27e9fe2 - PhishDestroy: https://phishdestroy.io/domain/start--ledgecom--io.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/start--ledgecom--io.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/start--ledgecom--io.pages.dev/ Last updated: 2026-03-24