# ledger-live-destop-welcome.pages.dev — SUSPICIOUS > ledger-live-destop-welcome.pages.dev delivers a fake Ledger Live login page to steal crypto via a crypto drainer. VirusTotal flags 2/95 vendors. ## Summary PhishDestroy identifies ledger-live-destop-welcome.pages.dev as an active brand-impersonation site posing as the legitimate Ledger Live desktop application’s welcome page. This domain is engineered to deceive users into entering their seed phrases or wallet credentials, enabling direct theft of cryptocurrency assets through a crypto drainer mechanism. The page closely mimics Ledger’s branding and UI, leveraging the familiarity of the Ledger brand to bypass user skepticism and increase the likelihood of credential submission. Security teams and end users should treat all pages hosted on this domain with extreme caution, as interaction may result in irreversible financial loss and compromised wallet security. This domain was flagged on VirusTotal, where only 2 out of 95 security vendors currently detect it as malicious, indicating a low initial detection rate despite clear malicious intent. The domain is registered through Cloudflare, Inc., and is hosted on IP address 185.114.97.3, which is associated with several other suspicious domains. While the SSL certificate is issued by Google Trust Services, this does not validate the site’s legitimacy, as threat actors frequently exploit trusted certificate authorities to enhance credibility. The domain leverages the Pages.dev platform, a legitimate service by Cloudflare Workers, to host malicious content while evading traditional web filtering measures. Given its active status and the specific targeting of Ledger users, this domain represents an elevated risk to cryptocurrency holders seeking secure access to their digital assets. If you have visited ledger-live-destop-welcome.pages.dev or entered any credentials or seed phrases, immediately revoke all wallet permissions connected to the exposed account, transfer remaining assets to a newly generated wallet with a clean seed phrase, and enable hardware wallet security where possible. Scan all connected devices for malware using reputable antivirus tools, as keyloggers or clipboard hijackers may have been installed during the visit. Report the domain to PhishDestroy and other threat intelligence platforms to help block further abuse. Refrain from reusing passwords or seed phrases across services, and always verify official URLs by checking Ledger’s verified domains or using their official application. Consider enabling multi-factor authentication and using hardware wallets for all critical transactions to mitigate risks from similar scams. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8055a7c9-a27c-4ede-a6fa-20ca1787ba22 - PhishDestroy: https://phishdestroy.io/domain/ledger-live-destop-welcome.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-live-destop-welcome.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-destop-welcome.pages.dev/ Last updated: 2026-03-22