# en-download-ledger-info.pages.dev — SUSPICIOUS

> PhishDestroy detects a crypto-draining domain impersonating Ledger. VirusTotal shows 0/95 detections as of now. Block this malicious site immediately.

## Summary

PhishDestroy has identified a high-risk crypto-draining domain, en-download-ledger-info.pages.dev, actively involved in fraudulent campaigns targeting cryptocurrency users. This domain employs deceptive tactics to trick victims into connecting their wallets, subsequently draining funds under the guise of providing 'ledger information downloads.' The threat actor behind this operation leverages Cloudflare's infrastructure to obfuscate their activities, with the domain resolving to IP 172.66.45.38 and secured by a Google Trust Services SSL certificate. While current VirusTotal scans show zero detections (0/95 engines), this domain remains untrusted and poses an immediate risk to unsuspecting users.

Technical analysis reveals this domain is part of a broader crypto-draining campaign, specifically designed to harvest private keys or initiate unauthorized transactions from compromised wallets. The domain was registered through Cloudflare, Inc., and while its exact creation date remains unverified, the infrastructure suggests recent deployment given its current activity level. Notably, the absence of detections on VirusTotal does not equate to safety; such domains often evade detection initially, only to be flagged later once harm has been inflicted. The lack of blocklist entries further underscores the stealthy nature of this operation, making it critical for users to exercise caution.

If you or your organization has interacted with en-download-ledger-info.pages.dev—whether by visiting the site, entering credentials, or connecting a wallet—immediate action is required. Disconnect any connected wallets from unknown or suspicious sites, revoke any unauthorized permissions granted to the domain, and scan your systems for signs of compromise using reputable security tools. Report the domain to your IT security team or relevant authorities, such as the Anti-Phishing Working Group (APWG) or your local cybercrime unit. Additionally, monitor your cryptocurrency wallets for unauthorized transactions and consider transferring remaining funds to a newly generated, secure wallet. Proactive vigilance and swift response are essential to mitigating potential financial losses from this active threat.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.45.38

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2bba5830-25c4-4ddb-a74d-a57432e92295
- PhishDestroy: https://phishdestroy.io/domain/en-download-ledger-info.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-download-ledger-info.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-download-ledger-info.pages.dev/
Last updated: 2026-03-21