# ledger-desktop-en-us.pages.dev — SUSPICIOUS

> ledger-desktop-en-us.pages.dev is a crypto drainer targeting Ledger users. VirusTotal flags 1/95 vendors. Check the full report.

## Summary

PhishDestroy identifies ledger-desktop-en-us.pages.dev as an active crypto drainer domain posing an elevated risk to cryptocurrency users. This domain is specifically designed to steal digital assets by impersonating legitimate Ledger software, tricking victims into connecting wallets or entering recovery phrases. The threat is classified as a crypto drainer due to its method of operation, which involves harvesting private keys or transaction authorization to siphon funds from unsuspecting users. Technical analysis reveals this domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., leveraging their infrastructure to obscure malicious activity. The SSL certificate is issued by Google Trust Services, adding a false sense of legitimacy to the fraudulent site. PhishDestroy's investigation confirms this domain is part of a broader campaign targeting cryptocurrency holders, with indicators pointing to coordinated malicious activity.

This domain was flagged by PhishDestroy as an active crypto drainer, with VirusTotal confirming 1 out of 95 security vendors have marked it as malicious. The domain leverages Google Trust Services for its SSL certificate, while Cloudflare obscures the true hosting infrastructure via 188.114.97.3. This combination of legitimate infrastructure and targeted malicious intent creates a high-risk scenario for cryptocurrency users, particularly those interacting with Ledger-branded services or downloads. The low detection rate on VirusTotal (1/95) suggests this domain may be relatively new or employs evasion techniques to avoid widespread recognition. PhishDestroy's seed analysis (5ba6d9) indicates this is part of a larger, evolving campaign rather than an isolated incident.

Users who visited ledger-desktop-en-us.pages.dev should immediately assume their device or browser session may be compromised. Disconnect from the internet and transfer any remaining cryptocurrency assets to a newly generated wallet on a separate, clean device. Scan the affected device with reputable antivirus and anti-malware tools to detect and remove any persistent threats. Avoid reusing credentials, recovery phrases, or private keys on any device that accessed this domain. Report the incident to Ledger's official support and consider notifying relevant cryptocurrency platforms if any assets were connected to this domain. Proactively monitor wallet activity for unauthorized transactions and enable multi-factor authentication where possible. For further mitigation steps and threat analysis, consult PhishDestroy's full investigative report associated with seed 5ba6d9.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledger-desktop-en-us.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledger-desktop-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-desktop-en-us.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-desktop-en-us.pages.dev/

Last updated: 2026-04-09