# guide-ledgerdesk.pages.dev — SUSPICIOUS

> guide-ledgerdesk.pages.dev is a live crypto drainer phishing site flagged by 2/95 VirusTotal vendors. Hosted on Cloudflare via Google Trust Services, it.

## Summary
PhishDestroy identifies guide-ledgerdesk.pages.dev as an active crypto drainer domain engineered to steal cryptocurrency assets from unsuspecting users. This malicious page impersonates a legitimate Ledger or crypto-service interface in order to trick victims into connecting wallets and signing fraudulent transactions that drain balances. The domain leverages Cloudflare Pages hosting and a Google-issued SSL certificate to appear trustworthy while hosting JavaScript payloads that intercept wallet connections and approve unauthorized transfers. Security scanners are still catching up, as evidenced by the low detection rate of only 2 out of 95 vendors on VirusTotal, indicating a relatively fresh campaign with limited signature coverage.  This domain was flagged with the seed dcef03 and shows clear operational characteristics: it resolves to IP 188.114.96.3, is registered through Cloudflare, Inc., and uses a Google Trust Services certificate. The low VirusTotal detection rate of 2/95 signals both the novelty of the campaign and the need for immediate user action. While the exact creation date is not provided, the low vendor count and active infrastructure suggest the site has only recently become operational, making it a moving target for blacklists and underscoring the urgency of proactive blocking.  Users who visited guide-ledgerdesk.pages.dev or interacted with any page under this domain should immediately revoke any wallet connections via their wallet’s dApp browser or device interface. Disconnect the domain from wallet permissions and transfer remaining assets to a clean wallet on an air-gapped device. Scan all connected devices for malware using up-to-date antivirus tools, and consider a factory reset if any suspicious activity is detected. Report the domain to your wallet provider, browser, and threat intelligence platforms to aid in rapid takedown and prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/025d735d-8d5a-4eea-a735-494d491413aa
- PhishDestroy: https://phishdestroy.io/domain/guide-ledgerdesk.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/guide-ledgerdesk.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/guide-ledgerdesk.pages.dev/
Last updated: 2026-03-21