# ledger-en-desktop--ledg.pages.dev — SUSPICIOUS

> ledger-en-desktop--ledg.pages.dev is a crypto drainer impersonating Ledger Live desktop. This active scam has 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies ledger-en-desktop--ledg.pages.dev as an active crypto drainer impersonating Ledger Live desktop software. This domain is currently under investigation as a live threat to cryptocurrency users, with confirmed malicious infrastructure hosting fraudulent content. The threat actor has deployed a multi-stage attack chain designed to deceive users into downloading counterfeit desktop applications that exfiltrate private keys and digital assets.

This domain was flagged by 0 of 95 VirusTotal vendors despite hosting a crypto drainer payload. It is registered through Cloudflare, Inc., resolves to IP 172.66.47.188, is secured with a Google Trust Services SSL certificate, and remains undetected on public threat intelligence platforms. The use of Cloudflare's Pages.dev platform provides anonymity and rapid deployment capabilities, while the Google Trust Services certificate lends false legitimacy to the malicious domain. This combination of evasion techniques highlights the sophistication of the threat actor in bypassing traditional security controls.

Current status remains active with no vendor detection, indicating this threat is newly emerged and rapidly evolving. Users are strongly advised to avoid downloading any Ledger Live software from third-party domains, especially those hosted on pages.dev or similar cloud-based platforms. Verify all software downloads directly from the official Ledger website (ledger.com) and enable multi-factor authentication on all cryptocurrency wallets. If this domain has been accessed, disconnect from the internet immediately, scan all devices for malware, and revoke any exposed API keys or private keys. Report this domain to your antivirus provider and local cybercrime units to aid in takedown efforts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.188

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d20f86c5-d019-4a77-85bc-6997648f8eca
- PhishDestroy: https://phishdestroy.io/domain/ledger-en-desktop--ledg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-en-desktop--ledg.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-en-desktop--ledg.pages.dev/

Last updated: 2026-03-22