# ledger-live-desktpp.pages.dev — SUSPICIOUS

> Domain ledger-live-desktpp.pages.dev spotted impersonating Ledger to push a crypto drainer kit. 1 of 95 VirusTotal scanners flags it. Block it immediately.

## Summary

PhishDestroy identifies the malicious domain ledger-live-desktpp.pages.dev actively impersonating the Ledger brand to deploy a cryptocurrency drainer kit designed to siphon funds from unsuspecting cryptocurrency holders. The decoy site closely mimics the legitimate Ledger Live interface, targeting users searching for desktop wallet software. Threat actors registered the domain through Cloudflare, Inc., hosting it behind Cloudflare's infrastructure at IP address 172.66.46.224 and securing it with a Google Trust Services SSL certificate to boost credibility and bypass basic browser warnings.

This domain carries an elevated risk profile, flagged by only 1 out of 95 VirusTotal security vendors at the time of analysis. Registrar details indicate recent creation via Cloudflare's Pages service, leveraging the *.pages.dev wildcard to blend into legitimate DevCenter deployments. The SSL certificate, issued by Google Trust Services, enhances its appearance of legitimacy and may help evade detection in automated scans. Despite minimal detection coverage, the site is actively serving malicious content aimed at credential theft and crypto fund exfiltration. No associations with known drainer families (e.g., Angel Drainer, Pink Drainer) have been confirmed at this time, but behavioral analysis confirms automated fund transfer initiation upon wallet connection.

As of the latest assessment, ledger-live-desktpp.pages.dev remains active and is serving a live crypto-draining payload. Immediate containment is advised: block the domain at DNS, firewall, and proxy levels; flag the IP 172.66.46.224 and SSL certificate issuer chain; and alert end-users to avoid downloading software from unofficial sources.

While current detection is low, this site poses a significant risk to cryptocurrency users seeking Ledger applications. Continuous monitoring of this domain and related infrastructure is recommended, and organizations should consider deploying behavioral-based detection rules targeting crypto wallet connection prompts and automated fund transfer patterns to mitigate ongoing exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.224

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d508cee1-e0fa-4fd2-bcba-f2d8837b5277
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-desktpp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-desktpp.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-desktpp.pages.dev/
Last updated: 2026-03-22