# ledger-livedeskktp.pages.dev — SUSPICIOUS

> Domain ledger-livedeskktp.pages.dev is a crypto drainer impersonating Ledger. Resolves to 172.66.44.123 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies the active domain ledger-livedeskktp.pages.dev as a Ledger brand impersonation campaign with a suspected crypto drainer payload. The threat level is currently marked as 'under_investigation' but exhibits high-risk indicators, including infrastructure aligned with cryptocurrency theft. This campaign targets Ledger users by mimicking the official brand to deceive victims into connecting wallets or entering seed phrases. The domain is not yet widely flagged, making it particularly dangerous for uninformed users.

This domain was flagged by PhishDestroy under seed ad6af0 and exhibits several technical indicators of malicious intent. It resolves to IP address 172.66.44.123, a Cloudflare-hosted endpoint commonly abused for phishing and crypto drainer operations. The SSL certificate is issued by Google Trust Services, which does not inherently indicate legitimacy due to the ease of obtaining trusted certificates from major providers. VirusTotal currently shows 0/95 security vendor detections, suggesting this domain has evaded automated scanning tools. The domain is registered through Cloudflare, Inc., and leverages the pages.dev subdomain of Cloudflare Pages, a service often exploited to host fraudulent landing pages. The lack of detections and reliance on cloud hosting infrastructure make this campaign stealthy and persistent.

To mitigate the risk posed by ledger-livedeskktp.pages.dev, users must avoid interacting with this domain entirely. If you encountered this domain through an email, SMS, or social media message, do not click any embedded links or download any files. Ledger users should verify all communications by visiting the official website directly (ledger.com) and cross-referencing any URLs against PhishDestroy or other threat intelligence platforms. Enable hardware wallet security features, such as passphrase protection, and never enter your seed phrase or private keys into any web form. Report this domain to PhishDestroy for further analysis and consider blocking the IP address 172.66.44.123 at your network perimeter. Stay vigilant for similar campaigns, as threat actors frequently shift infrastructure to evade detection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.123

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5986b609-a113-4ab4-853b-2a1def94589b
- PhishDestroy: https://phishdestroy.io/domain/ledger-livedeskktp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-livedeskktp.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livedeskktp.pages.dev/

Last updated: 2026-04-13