# en-us-ledgrcom-desktop.pages.dev — SUSPICIOUS

> en-us-ledgrcom-desktop.pages.dev lures users with a fake Ledger Live wallet login page; only 1 of 95 security vendors flagged this domain so far.

## Summary

PhishDestroy identifies an active phishing campaign using the domain en-us-ledgrcom-desktop.pages.dev to impersonate the official Ledger Live cryptocurrency wallet login interface. This site poses a significantly elevated risk because it masquerades as a legitimate financial service to steal user credentials and cryptocurrency deposits. Victims who enter their Ledger Live login details or cryptocurrency wallet recovery phrases will have their funds immediately drained by attackers. The sophisticated method involves exploiting Cloudflare Pages hosting to appear as a genuine software download or service update portal, leveraging Google Trust Services SSL certificates to further establish false legitimacy. Attackers are targeting cryptocurrency users specifically, knowing they will be less suspicious of password recovery flows compared to traditional banking interfaces. Since this domain resolves to IP address 188.114.97.3 through Cloudflare infrastructure, users cannot rely on domain reputation as a safety indicator.

This domain was flagged by threat intelligence with unique seed identifier 7ba944. VirusTotal confirms only 1 out of 95 security vendors currently detects this malicious domain, indicating extremely low detection coverage despite active phishing operations. The domain was registered through Cloudflare, Inc., which provides both hosting via Cloudflare Pages and SSL certificate issuance through Google Trust Services. This dual infrastructure exploitation makes the site appear legitimate to both users and automated detection systems. The low VT detection ratio (1/95) suggests either the domain is newly launched or has sophisticated evasion techniques preventing wider detection by security vendors.

If you visited this site, immediately check your Ledger Live account for any unauthorized transactions and revoke any app permissions you may have granted. Do not enter any login credentials, recovery phrases, or cryptocurrency wallet addresses on this domain. If you entered sensitive information, transfer any remaining funds to a new wallet immediately using a different device. Clear your browser cache and cookies, then run a full antivirus scan. Report the incident to Ledger support through their official channels. Monitor your financial accounts and cryptocurrency wallets closely for 30 days following any interaction with this domain. Consider using hardware wallet isolation for any remaining cryptocurrency funds as additional protection against secondary attacks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8cf2f578-e884-4892-b64f-d6342c534221
- PhishDestroy: https://phishdestroy.io/domain/en-us-ledgrcom-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-ledgrcom-desktop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-us-ledgrcom-desktop.pages.dev/

Last updated: 2026-03-24