# start-ledg--r.pages.dev — MALICIOUS

> Is start-ledg--r.pages.dev a crypto wallet scam? PhishDestroy flags 16/95 vendors detecting this site as a generic phishing page. Check the full report.

## Summary
PhishDestroy identifies start-ledg--r.pages.dev as an active cryptocurrency wallet scam posing as a legitimate ledger service. This fraudulent domain attempts to trick users into entering wallet credentials by mimicking the official Ledger login page. Attackers leverage a deceptive subdomain structure under pages.dev to bypass domain reputation filters, targeting victims with promises of fake wallet integrations or security alerts. The site resolves to IP address 172.66.44.216, which hosts multiple phishing campaigns across different domains, increasing the risk of credential harvesting and cryptocurrency theft.

This domain was flagged by 16 out of 95 VirusTotal security vendors as a generic phishing page targeting cryptocurrency users. Registered through Cloudflare, Inc., the site uses a Google Trust Services SSL certificate to appear legitimate, with Cloudflare providing both DNS resolution and proxy services. The domain shows recent creation activity with no established reputation, making it a prime candidate for phishing operations. Technical indicators include the use of a compromised or fraudulent subdomain under pages.dev, a common tactic among threat actors to exploit legitimate domain infrastructures.

If you visited start-ledg--r.pages.dev, immediately check your cryptocurrency wallets for unauthorized transactions. Do not enter any credentials or personal information on this site. Clear your browser cache and cookies, then run a full antivirus scan. Report the domain to Cloudflare and Google Safe Browsing to help block further access. Monitor your financial accounts closely for suspicious activity, as credentials entered on this page may have been compromised by attackers.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.216

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7d6b8dd4-ccab-417d-96a1-a00826d2c966
- PhishDestroy: https://phishdestroy.io/domain/start-ledg--r.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-ledg--r.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-ledg--r.pages.dev/
Last updated: 2026-03-22