# ledger-livedsktop.pages.dev — SUSPICIOUS > PhishDestroy identifies ledger-livedsktop.pages.dev as a Ledger brand impersonation phishing domain with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy has flagged ledger-livedsktop.pages.dev as an active brand impersonation scam designed to mimic Ledger, a trusted cryptocurrency hardware wallet provider. The threat actor leverages a deceptive domain structure—specifically the misspelled 'livedsktop' variant—to exploit user trust and harvest sensitive account credentials or seed phrases under the guise of legitimate Ledger support. This impersonation technique is commonly paired with fake software updates or security alerts to trick victims into downloading malicious software or entering login details on fraudulent portals. The site is currently under investigation for distributing a drainer kit targeting cryptocurrency users. This domain was registered via Cloudflare, Inc., and leverages Google Trust Services for SSL encryption, lending it a veneer of legitimacy. It resolves to IP address 188.114.97.3 and currently shows 0 detections out of 95 scans on VirusTotal, remaining undetected by most security engines. The domain appears to have been created recently (exact date pending WHOIS verification), but despite this, it has already been added to at least one blocklist, indicating early recognition of malicious intent. While the domain is not flagged in Google Safe Browsing (GSB), its use of the Cloudflare Pages.dev subdomain platform may complicate takedown efforts due to Cloudflare’s abuse mitigation response times. As of this report, the threat status is marked 'active' with risk still under evaluation. PhishDestroy is coordinating with the infrastructure provider and affected brands to initiate takedown procedures. Users are strongly advised to verify download sources directly from the official Ledger website (ledger.com) and avoid clicking links from unsolicited communications. The remaining risk is rated as developing, with potential for increased phishing campaigns targeting crypto users if the domain remains operational. Immediate action is warranted to prevent further victimization. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4079f424-5b51-4313-bd17-2db4cc939697 - PhishDestroy: https://phishdestroy.io/domain/ledger-livedsktop.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-livedsktop.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livedsktop.pages.dev/ Last updated: 2026-03-30