# en-ledger-download.pages.dev — SUSPICIOUS > en-ledger-download.pages.dev is a crypto drainer site stealing funds via fake Ledger downloads. Hosted on Cloudflare, it shows 0/95 VirusTotal detections. ## Summary en-ledger-download.pages.dev poses a serious threat as a crypto drainer site designed to trick users into downloading malicious software under the guise of a Ledger wallet update or software. Once visited, the site may prompt users to connect their cryptocurrency wallets or download files that appear legitimate but are actually engineered to steal funds. This domain specifically mimics Ledger’s branding to exploit users seeking secure wallet solutions, making it a high-risk phishing trap for cryptocurrency enthusiasts. This domain was flagged by PhishDestroy after analysis revealed it resolves to IP address 172.66.44.140, uses a Google Trust Services SSL certificate, and remains undetected by 95 VirusTotal scanners as of the latest scan. Registered through Cloudflare, Inc., it leverages the provider’s infrastructure to obscure its malicious intent and avoid early detection. The site’s active status and lack of detections make it particularly dangerous, as it can evade security tools and lure unsuspecting visitors. If you visited en-ledger-download.pages.dev, immediately disconnect any connected wallets and revoke any permissions granted to the site. Do not download any files or enter private keys or seed phrases. Scan your device with reputable antivirus software and consider transferring remaining funds to a secure, offline wallet. Report the domain to your wallet provider and relevant cybersecurity authorities to help prevent further harm. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.140 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ac541281-d007-41d6-9129-daaaa0291441 - PhishDestroy: https://phishdestroy.io/domain/en-ledger-download.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/en-ledger-download.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-ledger-download.pages.dev/ Last updated: 2026-04-12