# ledg-er-live-desktop-cloud.pages.dev — SUSPICIOUS

> ledg-er-live-desktop-cloud.pages.dev is a Ledger impersonation domain pushing a crypto drainer kit with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies ledg-er-live-desktop-cloud.pages.dev as a brand impersonation domain targeting Ledger users and distributing a cryptocurrency drainer kit. The domain uses a visually identical spoof of the official Ledger Live desktop interface, tricking victims into connecting wallets and draining funds. This is an active crypto-draining operation, with threat actors leveraging Cloudflare Pages to host malicious JavaScript that intercepts wallet connections and executes unauthorized transfers.

This domain resolves to IP address 172.66.47.164 and is registered through Cloudflare, Inc., masking true hosting infrastructure behind a reputable CDN. The SSL certificate issued is from Google Trust Services, a tactic commonly used to lend false legitimacy to malicious sites. PhishDestroy’s analysis reveals that the domain currently shows 0/95 VirusTotal detections, indicating it remains undetected by most antivirus engines as of latest scans. The domain impersonates Ledger’s official platform, indicating likely targeting of cryptocurrency users familiar with hardware wallet ecosystems.

As of current intelligence, ledg-er-live-desktop-cloud.pages.dev remains active and unblocked across major browsers and security platforms. PhishDestroy has flagged the domain and is tracking its infrastructure closely. While the threat is under active investigation, the absence of detections on VirusTotal and lack of widespread awareness pose a significant risk to unwary users. Users are strongly advised to verify any Ledger-related URLs on PhishDestroy before interacting, especially those received via email, ads, or social media.

The current risk level is classified as active and under review, with response actions including continued monitoring, takedown reporting to hosting providers, and public threat intelligence dissemination. Remaining risk includes potential spread through phishing campaigns and delayed detection due to low AV coverage.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.164

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/64e1e322-4d81-41d4-9090-9e842bd53b1b
- PhishDestroy: https://phishdestroy.io/domain/ledg-er-live-desktop-cloud.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledg-er-live-desktop-cloud.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledg-er-live-desktop-cloud.pages.dev/

Last updated: 2026-03-24