# ledger-desktopp.pages.dev — SUSPICIOUS > PhishDestroy identifies ledger-desktopp.pages.dev as an active Ledger brand impersonation site (Cloudflare-hosted) resolving to 172.66.44. ## Summary PhishDestroy identifies ledger-desktopp.pages.dev as an active Ledger brand impersonation campaign leveraging a Pages.dev subdomain to deliver malicious payloads. The site poses an elevated risk by masquerading as the legitimate Ledger desktop application installer, tricking users into downloading counterfeit software. Cloudflare infrastructure is abused for rapid rotation and evasion, increasing the likelihood of successful compromise. This domain was flagged by PhishDestroy through seed 46e7eb. It is registered via Cloudflare, Inc., resolves to IP 172.66.44.203, and is detected by only 2 out of 95 VirusTotal security vendors. As a Pages.dev subdomain, it inherits Cloudflare’s reputation for legitimate use, which attackers exploit to bypass domain-based filtering. The low detection rate and reliance on a trusted TLD highlight the sophistication of the campaign. To mitigate risk, users should avoid downloading software from non-official Ledger domains, especially Pages.dev or similar free hosting platforms. Ledger applications should only be downloaded from ledger.com or verified app stores. Organizations are advised to block IP 172.66.44.203 and the domain ledger-desktopp.pages.dev at the network perimeter. Continuous monitoring of new subdomains mimicking Ledger and user education on verifying download sources are critical to preventing infection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.203 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - PhishDestroy: https://phishdestroy.io/domain/ledger-desktopp.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-desktopp.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-desktopp.pages.dev/ Last updated: 2026-03-26