# desktop-liveledgrcom.pages.dev — SUSPICIOUS

> desktop-liveledgrcom.pages.dev impersonates Ledger as a crypto drainer via Cloudflare Pages. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy identifies desktop-liveledgrcom.pages.dev as an active brand impersonation campaign targeting Ledger users. This Cloudflare Pages-hosted domain mimics the official Ledger Live Desktop interface to deceive victims into downloading malicious software or entering sensitive credentials. The page title mirrors Ledger's legitimate offering, creating a false sense of authenticity. No crypto drainer kit has been confirmed at this stage, but the threat actor clearly aims to harvest crypto wallet data or install malware under the guise of a desktop application. The domain's structure (desktop-liveledgrcom) deliberately evades quick detection by embedding misspellings of the legitimate brand (Ledger).

Technical indicators confirm this domain is a high-risk threat. VirusTotal currently flags the page with 0/95 detections, indicating it remains undetected by most antivirus engines. It resolves to IP 172.66.45.43, registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, adding a superficial layer of legitimacy. As of this analysis, the domain remains active and unblocked by Google Safe Browsing (GSB). No creation date was provided in available data, but the use of Cloudflare Pages suggests rapid deployment typical of opportunistic scams.

This domain poses an active and evolving risk to Ledger users and the broader cryptocurrency community. The campaign is currently live and expanding, with no detections on major threat intelligence platforms. Immediate action is required: users should block access to desktop-liveledgrcom.pages.dev via DNS filtering, browser blacklists, or endpoint protection. Ledger users are advised to verify all downloads and links through official channels only. Remaining risk includes potential credential theft or crypto asset drain if users interact with the fraudulent page. Monitor this domain for takedown or redirection to assess long-term persistence.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Ledger Live Desktop® | Manage Your Crypto Securely

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.43

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/desktop-liveledgrcom.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/desktop-liveledgrcom.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/desktop-liveledgrcom.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desktop-liveledgrcom.pages.dev/
Last updated: 2026-04-11