# ledger--hub-desktop-com.pages.dev — SUSPICIOUS > Ledger--hub-desktop-com.pages.dev poses as a crypto wallet service but is a crypto-draining phishing site hosted on Cloudflare. ## Summary PhishDestroy identifies ledger--hub-desktop-com.pages.dev as an active crypto-drainer masquerading as a Ledger desktop wallet hub. This malicious domain leverages Cloudflare Pages to host fraudulent wallet-connect pages that silently drain victim funds to attacker-controlled addresses. The infrastructure resolves to IP 172.66.44.252 and benefits from a Google Trust Services SSL certificate to enhance phishing credibility. Attacks are ongoing, with no current blocklist flag despite zero VirusTotal detections. This domain was flagged under seed 463a29 and continues to evade detection, registering zero hits across 95 VirusTotal engines, indicating near-zero detection coverage. The site is served via Cloudflare, Inc., exploiting the platform’s free Pages tier to rapidly generate fresh malicious subdomains. While the exact creation date is obscured through Cloudflare’s privacy protections, the use of a pages.dev subdomain suggests recent deployment and likely ties to a larger campaign targeting cryptocurrency users. Users who have visited ledger--hub-desktop-com.pages.dev or interacted with its wallet-connect prompt should immediately revoke any connected wallet permissions, transfer remaining assets to a clean wallet, and scan devices with reputable endpoint protection. Do not reuse seed phrases or private keys on any device that accessed this domain. Report the domain to your security team or via abuse channels to help accelerate takedown efforts. Monitor wallet activity closely for unauthorized transactions and consider enabling hardware wallet authentication for critical assets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.252 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ledger--hub-desktop-com.pages.dev - PhishDestroy: https://phishdestroy.io/domain/ledger--hub-desktop-com.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger--hub-desktop-com.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger--hub-desktop-com.pages.dev/ Last updated: 2026-04-03