# ldgr-us-desktop.pages.dev — SUSPICIOUS > WARNING: ldgr-us-desktop.pages.dev is a crypto drainer impersonating Ledger Live. Verify safety on PhishDestroy before entering wallet details. ## Summary PhishDestroy identifies ldgr-us-desktop.pages.dev as an active crypto drainer phishing domain designed to steal cryptocurrency wallet credentials and assets. The domain mimics legitimate Ledger Live infrastructure to deceive users into connecting compromised wallets or entering seed phrases. This threat operates under the guise of a desktop application upgrade portal, leveraging cloudflare Workers (pages.dev) to bypass traditional hosting restrictions. Given its active status and zero detection on VirusTotal, this domain poses a critical risk to users engaging with crypto-related services. This domain resolves to IP 172.66.47.75 and operates under Cloudflare, Inc. with a Google Trust Services SSL certificate. VirusTotal currently shows 0/95 detections, indicating a low immediate detection rate despite its malicious nature. The domain's registration through Cloudflare's Workers platform allows rapid deployment and evasion of traditional takedown mechanisms. No entries were found on major blocklists such as Google Safe Browsing, PhishTank, or OpenPhish at the time of analysis. The SSL certificate issued by Google Trust Services may lend false legitimacy to the domain, tricking users into believing it is secure. Mitigation for this crypto drainer threat requires immediate user action. Users should avoid entering any wallet credentials or connecting devices to ldgr-us-desktop.pages.dev. If exposure occurs, disconnect affected wallets from the internet, revoke any connected permissions via blockchain explorers, and transfer assets to cold storage. PhishDestroy recommends users verify domains using its real-time scanning tool and enable wallet-specific security features like hardware wallet isolation and multi-signature transactions. Organizations should block the domain at the network level and monitor for similar Workers-based phishing campaigns. Given the domain's active status and zero detections, proactive verification is critical to prevent financial loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.75 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6bb8ec61-fa48-4500-a881-3d15ea39a2d2 - PhishDestroy: https://phishdestroy.io/domain/ldgr-us-desktop.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ldgr-us-desktop.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ldgr-us-desktop.pages.dev/ Last updated: 2026-04-12