# start-ldger-us-en.pages.dev — SUSPICIOUS > PhishDestroy flags start-ldger-us-en.pages.dev as a crypto drainer impersonating Ledger Live; only 0/95 VirusTotal detections so far—scan now on PhishDestroy. ## Summary PhishDestroy identifies start-ldger-us-en.pages.dev as an active crypto-drainer domain engineered to trick users into approving malicious token-transfer approvals. The page masquerades as the legitimate Ledger Live upgrade portal, luring victims with urgent update prompts that silently drain wallets upon signature approval. Security telemetry shows this domain was registered through Cloudflare, Inc. and currently resolves to IP 172.66.45.30 under a Google Trust Services SSL certificate, indicating robust but not infallible infrastructure. This domain is presently under investigation with 0 positives out of 95 VirusTotal engines and has not yet propagated to mainstream blocklists. The combination of cloudfront hosting, legitimate SSL issuer, and zero detections creates a plausible threat surface that evades conventional filters. While the exact creation date is redacted for security reasons, the operational window is recent enough to avoid proactive blocklisting, amplifying the urgency for proactive scanning. Users who visited start-ldger-us-en.pages.dev should immediately revoke any suspect token approvals via blockchain explorers, transfer remaining assets to a new wallet, and run a malware scan. Do not interact with wallet prompts on this domain. Report the incident to PhishDestroy for rapid deactivation and share transaction hashes if funds were drained to aid takedowns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.30 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6cbb1544-40f1-4842-afa3-df7c4bde6dd2 - PhishDestroy: https://phishdestroy.io/domain/start-ldger-us-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/start-ldger-us-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/start-ldger-us-en.pages.dev/ Last updated: 2026-03-22