# start-ldger-io-en.pages.dev — SUSPICIOUS

> PhishDestroy identifies start-ldger-io-en.pages.dev as a credential theft page impersonating Ledger wallets. Flagged by 2 out of 95 security vendors.

## Summary
PhishDestroy identifies start-ldger-io-en.pages.dev as a credential theft domain actively targeting users with a fake Ledger wallet login page.  This site mimics the legitimate Ledger hardware wallet platform to trick visitors into surrendering their recovery phrases or private keys.  The domain is currently active, resolving to IP 188.114.97.3 via Cloudflare Pages, and uses a Google Trust Services SSL certificate to appear legitimate.  Two independent security vendors have already flagged this infrastructure, indicating early-stage detection of a broader campaign.  This domain was registered through Cloudflare, Inc. and currently shows a detection ratio of 2 out of 95 security vendors on VirusTotal, suggesting limited but growing awareness within the security community.  The SSL certificate issued by Google Trust Services adds a veneer of authenticity, while the Cloudflare Pages hosting obscures the true origin of the infrastructure.  Despite the low VT count, the domain’s active status and choice of impersonated brand (Ledger) elevate the risk level to elevated, as threat actors commonly leverage low initial detection ratios to evade early blocking.  If you visited this domain, cease any interaction immediately and do not enter any credentials or cryptocurrency wallet information.  Check your device for signs of compromise, such as unauthorized transactions or unfamiliar browser extensions.  Disconnect from the internet temporarily to prevent potential data exfiltration, scan your system with updated antivirus software, and consider rotating all cryptocurrency wallet keys or recovery phrases used on any device that accessed this site.  Report the domain to your security team or file a report with the relevant cryptocurrency fraud reporting channels to aid in broader takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ff5236a9-2f9a-4bc0-be4b-30dc5068a6fc
- PhishDestroy: https://phishdestroy.io/domain/start-ldger-io-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-ldger-io-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-ldger-io-en.pages.dev/
Last updated: 2026-03-22