# eng-ledgrdesktop.pages.dev — SUSPICIOUS

> eng-ledgrdesktop.pages.dev is a live crypto drainer impersonating Ledger Live. VirusTotal shows 0/95 detections.

## Summary

PhishDestroy identifies eng-ledgrdesktop.pages.dev as an active crypto drainer impersonating Ledger Live, a leading hardware wallet provider. This domain leverages Cloudflare Pages to host a fraudulent interface designed to deceive users into entering their recovery phrases or private keys, enabling unauthorized access to cryptocurrency funds. The threat actor behind this domain employs spoofing techniques to mimic the official Ledger Live interface, creating a false sense of legitimacy. Users interacting with this domain risk immediate financial loss, as any entered credentials are likely harvested for direct fund extraction. The urgency of this threat is underscored by its active status and the absence of detection by security vendors, leaving potential victims highly exposed.

This domain resolves to IP address 172.66.44.138 and is registered through Cloudflare, Inc., a common choice among threat actors due to its anonymity-preserving services. The SSL certificate is issued by Google Trust Services, which may further enhance the domain’s perceived legitimacy. As of the latest analysis, VirusTotal reports 0 detections out of 95 security engines, indicating this threat remains under the radar of most antivirus and threat intelligence platforms. The combination of a recently registered domain, cloud hosting, and a valid SSL certificate creates a deceptive facade that can easily bypass initial scrutiny. PhishDestroy’s investigation highlights the sophistication of this campaign, which is likely part of a broader operation targeting cryptocurrency users.

If you have visited eng-ledgrdesktop.pages.dev or entered any sensitive information, act immediately to mitigate potential damage. Disconnect any devices used to access the domain and revoke any permissions granted to connected applications. Ledger users should verify their accounts through the official website—ledger.com—and enable two-factor authentication. Consider transferring remaining funds to a new wallet with a freshly generated seed phrase. Report the incident to Ledger’s official support and PhishDestroy to aid in the takedown of this infrastructure. Avoid reusing passwords or recovery phrases across different platforms, as compromised credentials may be leveraged in follow-on attacks. Monitor your cryptocurrency wallets and financial accounts for unauthorized activity, and enable alerts for any unusual transactions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.138

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/eng-ledgrdesktop.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/eng-ledgrdesktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-ledgrdesktop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/eng-ledgrdesktop.pages.dev/

Last updated: 2026-04-04