# ledgeer-live-app-desktop.pages.dev — SUSPICIOUS

> ledgeer-live-app-desktop.pages.dev is a counterfeit desktop app phishing domain. 2/95 VirusTotal engines already flag it; users should avoid downloads and.

## Summary

ledgeer-live-app-desktop.pages.dev is a phishing domain impersonating a legitimate desktop application installer. The site leverages Cloudflare Pages to host a spoofed “Ledgeer” branded installer designed to harvest cryptocurrency wallet credentials and private keys under the guise of a software update. Based on available telemetry and pattern analysis, this appears to be a generic phishing drainer kit rather than a targeted APT campaign.

ledgeer-live-app-desktop.pages.dev resolves to IP 188.114.96.3 via Cloudflare and is served over HTTPS using a Google Trust Services certificate. VirusTotal scanning (seed a02384) shows 2 out of 95 security vendors have already flagged this domain as malicious. While the exact domain creation date is not publicly disclosed, its recent appearance and low blocklist count indicate active deployment within the last 30–60 days. Google Safe Browsing (GSB) status is currently unlisted, and no known C2 infrastructure has been conclusively tied to this domain at scale.

As of this assessment, ledgeer-live-app-desktop.pages.dev remains active and accessible. Immediate mitigation includes network-level blocking of IP 188.114.96.3 and domain-wide DNS sinkholing. Users should treat any download from this domain as highly suspicious and avoid executing unsigned or unverified software. The elevated risk stems from its use of reputable hosting (Cloudflare Pages) and a valid TLS certificate, which lends false legitimacy to the malicious payload. While detection is increasing, the site’s infrastructure remains operational, indicating a partially successful evasion strategy. Users are advised to consult their security teams, update endpoint protection rules, and monitor for similar campaigns leveraging cloud-based hosting services.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/27f935ac-fef1-4d57-baf2-55d04a1750b4
- PhishDestroy: https://phishdestroy.io/domain/ledgeer-live-app-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgeer-live-app-desktop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgeer-live-app-desktop.pages.dev/

Last updated: 2026-03-26