# ledger-live-desktop-eng-us.pages.dev — SUSPICIOUS

> Beware: ledger-live-desktop-eng-us.pages.dev mimics Ledger Live to push a crypto drainer. It shows 0/95 detections on VirusTotal.

## Summary

PhishDestroy has identified ledger-live-desktop-eng-us.pages.dev as an active crypto wallet impersonation domain designed to deceive users into downloading malicious software under the guise of the official Ledger Live desktop application. This domain hosts a convincing replica of Ledger's branding, including false claims of being the 'English (US)' version of the Ledger Live desktop client, with the intention of tricking users into installing a crypto drainer or credential-stealing malware. The threat actor leverages Cloudflare's infrastructure and a Google Trust Services SSL certificate to appear legitimate, while the domain resolves to IP address 172.66.46.237.

This domain exhibits multiple red flags that warrant immediate attention from security teams and end users. VirusTotal currently shows 0 detections out of 95 scanning engines, indicating that traditional antivirus solutions have not yet flagged this threat. The domain is registered through Cloudflare, Inc., which obscures the true registrant details and adds a layer of obfuscation commonly exploited by threat actors. While the exact creation date is not provided, the use of a Google Trust Services SSL certificate suggests a recent setup, as these certificates are typically issued for newer domains to bolster trust. The absence of detections on VirusTotal underscores the importance of proactive threat intelligence and user vigilance, as reactive scanning may fail to catch emerging threats.

Users who have visited this domain or interacted with its content should take immediate action to secure their accounts and devices. First, disconnect the device from the internet to prevent potential data exfiltration or further malware communication. Next, run a full antivirus scan using a reputable security solution to detect and remove any malicious artifacts. Finally, if any cryptocurrency wallets or credentials were entered on this site, transfer funds to a new wallet and revoke any exposed API keys or permissions. Report the domain to PhishDestroy to aid in tracking and takedown efforts, and educate others in your organization about this specific impersonation campaign to prevent further infections.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.237

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/abf0c44d-c4e7-4f37-9ea3-4bc796e2613c
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-desktop-eng-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-desktop-eng-us.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-desktop-eng-us.pages.dev/

Last updated: 2026-03-22