# en-us-dsktop-ledgr.pages.dev — SUSPICIOUS

> en-us-dsktop-ledgr.pages.dev is a crypto drainer posing as Ledger with 0/95 VirusTotal detections — stop use immediately.

## Summary

PhishDestroy identifies the domain en-us-dsktop-ledgr.pages.dev as a confirmed brand-impersonation crypto-drainer campaign targeting Ledger users under seed 51572d. The page masquerades as the Official Ledger Live Download Guide, exploiting the brand’s authority to trick visitors into downloading malicious software designed to drain cryptocurrency wallets. This site is part of an active operation that leverages Ledger’s trusted status to deliver a crypto drainer kit, placing unsuspecting users at high risk of asset theft. The threat actor’s evident goal is to harvest private keys or seed phrases under the guise of legitimate Ledger Live software updates or downloads.

Technical indicators confirm this domain is a live and ongoing threat. VirusTotal shows 0 detections out of 95 engines as of this report, indicating the page remains undetected by most antivirus solutions. The domain is registered through Cloudflare, Inc., with the IP address 188.114.97.3 resolving via Google Trust Services SSL. While the exact creation date is not publicly available, the domain remains active and unblocked by Google Safe Browsing (GSB) as of the latest scan. Reputation-based blocklists such as PhishTank or URLVoid have also not yet flagged this domain, leaving users vulnerable to exposure.

The domain en-us-dsktop-ledgr.pages.dev is currently active and poses a HIGH risk to visitors expecting authentic Ledger resources. This site should be immediately blocked at the network and endpoint levels using threat intelligence feeds that include brand-impersonation indicators. Users searching for Ledger Live downloads must be redirected to the official site ledger.com to prevent exposure. Remaining risk is elevated due to zero VT detections and lack of GSB blocking, making this a stealthy and persistent threat vector. Immediate containment and takedown coordination with Cloudflare abuse channels are strongly advised to neutralize the campaign and protect potential victims.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Official Ledger Live Download Guide

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4202dc88-cde2-4a5e-848b-c4bce3f03be0
- PhishDestroy: https://phishdestroy.io/domain/en-us-dsktop-ledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-dsktop-ledgr.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-us-dsktop-ledgr.pages.dev/
Last updated: 2026-04-12