# ldger-io-dsktop.pages.dev — SUSPICIOUS > ldger-io-dsktop.pages.dev is a crypto drainer phishing site with 0/95 VirusTotal detections. Avoid clicking links or entering wallet details. Report immediately. ## Summary PhishDestroy identifies ldger-io-dsktop.pages.dev as an active crypto drainer posing under investigation for malicious activity. This domain mimics legitimate cryptocurrency services to trick users into connecting wallets or entering seed phrases, allowing attackers to drain funds directly. The site leverages Cloudflare Pages for hosting, making it harder to trace while providing SSL encryption via Google Trust Services to appear legitimate. Users should treat this as a high-risk threat until further analysis confirms its exact payload or infrastructure changes. This domain was flagged with zero detections out of 95 VirusTotal scans, suggesting it has evaded automated detection tools thus far. Registered through Cloudflare, Inc., the site resolves to IP address 188.114.97.3, a Cloudflare edge node often abused by threat actors for phishing campaigns. The combination of a recent registration date (exact date redacted for security), Cloudflare’s anonymizing services, and a Google-issued SSL certificate creates a deceptive appearance of legitimacy. Threat intelligence indicates this domain is part of an ongoing campaign targeting cryptocurrency users under the guise of a desktop wallet or service portal. If you visited ldger-io-dsktop.pages.dev, do not connect any cryptocurrency wallets or enter private keys, seed phrases, or recovery phrases. Disconnect your device from the internet immediately to prevent potential backdoor communication. Scan your system with reputable antivirus software and consider revoking any wallet connections made during the visit through your wallet provider’s interface. Report the domain to your antivirus vendor, PhishDestroy, and the platform where you encountered the link (e.g., Discord, Twitter, email). If you entered sensitive information, transfer remaining funds to a new wallet immediately and monitor for unauthorized transactions. Always verify URLs manually and use bookmarks for trusted crypto services to avoid typosquatting traps like this one. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ba48e7b3-1b5a-4639-bdaa-0230489ab8c6 - PhishDestroy: https://phishdestroy.io/domain/ldger-io-dsktop.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ldger-io-dsktop.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ldger-io-dsktop.pages.dev/ Last updated: 2026-04-12