# start-en-ledgco.pages.dev — SUSPICIOUS

> start-en-ledgco.pages.dev impersonates Ledger with a fake drainer kit. 0/95 VirusTotal detections as of cf218c. Check the full report.

## Summary
Threat intelligence identified the active domain start-en-ledgco.pages.dev as a malicious site impersonating the cryptocurrency wallet brand Ledger. The threat type is generic phishing with a drainer-kit payload designed to steal private keys and seed phrases. The page is hosted on Cloudflare Pages and is currently serving a spoofed Ledger login form intended to harvest credentials and cryptocurrency assets from unsuspecting victims.

Technical indicators are consistent with a low-detection phishing operation: the domain resolves to 172.66.47.53, uses Cloudflare Pages as hosting provider via Cloudflare, Inc., and is backed by a Google Trust Services SSL certificate. VirusTotal scanning at seed cf218c returned 0 detections across 95 engines as of the time of analysis. This domain was registered through Cloudflare Registrar and currently has no entries on Google Safe Browsing lists. Blocklist datasets show zero prior listings at the time of this report.

This domain remains active and the campaign is ongoing with minimal detection by antivirus engines. Immediate user action includes blocking the domain at DNS and network levels and applying browser-level protections. Remaining risk is assessed as HIGH due to the presence of a drainer kit and the unlikelihood of detection by common security tools. Users should avoid interacting with any Ledger-themed pages hosted on cloudflare.pages.dev and report any suspicious activity to wallet providers and threat intelligence platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.53

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6f4bda7d-3201-43f9-b063-01c68fc5e5c5
- PhishDestroy: https://phishdestroy.io/domain/start-en-ledgco.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-en-ledgco.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-en-ledgco.pages.dev/
Last updated: 2026-03-30