# www-ledgr-com-strt.pages.dev — SUSPICIOUS > PhishDestroy warns: www-ledgr-com-strt.pages.dev is a live crypto drainer impersonating Ledger. Verify before clicking — 0/95 VirusTotal detections. ## Summary PhishDestroy identifies www-ledgr-com-strt.pages.dev as an active crypto drainer campaign leveraging a fraudulent Ledger-branded interface hosted on Google Trust Services infrastructure. The domain employs a Pages.dev subdomain structure to mimic legitimate Ledger services, with a primary objective of harvesting wallet credentials and initiating unauthorized crypto transfers. This campaign demonstrates a sophisticated impersonation tactic, using Cloudflare’s Pages.dev platform to evade traditional domain-based detection while maintaining operational opacity. The drainer kit is designed to trigger immediate wallet connection prompts upon access, with no secondary authentication layers, maximizing the potential for rapid fund exfiltration. The campaign’s infrastructure is provisioned through Google Cloudflare, which complicates takedown efforts due to Cloudflare’s legitimate service masking malicious intent. This domain resolves to IP address 172.66.44.226, as confirmed by DNS resolution queries. VirusTotal analysis indicates a current detection score of 0/95 engines, reflecting the domain’s novelty and the absence of established signatures despite its active status. The domain is registered through Cloudflare, Inc., with no publicly available creation date in WHOIS records due to Cloudflare’s privacy protections. Google Safe Browsing (GSB) has not flagged this domain as of the latest scan, and no blocklist entries are associated with this IP or domain in public threat intelligence feeds. The SSL certificate is issued by Google Trust Services, further obfuscating the malicious nature of the infrastructure by leveraging a trusted Certificate Authority (CA). As of the latest assessment, this domain remains active and under investigation, with no confirmed takedown actions initiated by hosting providers or registrars. The risk level is currently classified as 'under_investigation' due to the lack of historical telemetry and the absence of detections on major threat intelligence platforms. Users are strongly advised to avoid interacting with this domain and verify any Ledger-related communications through official channels. The remaining risk is classified as high given the active drainer kit deployment, the absence of detection coverage, and the potential for rapid scale-up of malicious infrastructure. PhishDestroy continues to monitor this domain and encourages users to report any encounters for further analysis. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.226 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/75a46603-d74b-4dab-954b-654e614c7752 - PhishDestroy: https://phishdestroy.io/domain/www-ledgr-com-strt.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/www-ledgr-com-strt.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www-ledgr-com-strt.pages.dev/ Last updated: 2026-04-12