# ledger-lonedm.pages.dev — SUSPICIOUS

> ledger-lonedm.pages.dev poses as a Ledger service but is a crypto-drainer site with 0/95 VirusTotal detections. Users should avoid and report this active scam.

## Summary

PhishDestroy identifies ledger-lonedm.pages.dev as an active crypto-drainer scam impersonating Ledger services to steal cryptocurrency. This fraudulent domain (registered via Cloudflare) leverages Cloudflare Pages to host malicious scripts designed to drain wallet funds under the guise of a legitimate service. The threat actor behind this domain uses obfuscated JavaScript to intercept wallet connections and prompt unauthorized transactions, targeting users who may confuse this page for an official Ledger service portal.

This domain was flagged with 0 detections out of 95 VirusTotal scanners, indicating it remains undetected by most antivirus engines as of the latest analysis. It resolves to IP address 172.66.47.122, a Cloudflare-operated range commonly abused for phishing infrastructure. The domain’s SSL certificate, issued by Google Trust Services, adds a false veneer of legitimacy, while its seed identifier (fb6ca5) confirms its connection to a known crypto-drain operation tracked by security researchers. Despite its recent registration through Cloudflare, Inc., the lack of blocklist coverage highlights the evolving sophistication of such attacks.

Users who visited ledger-lonedm.pages.dev should immediately disconnect any connected wallets and revoke any unauthorized transaction approvals via their wallet’s interface. Scan devices for malware using reputable tools like Malwarebytes or Windows Defender, and reset browser settings to remove persistent scripts. Report the domain to Google Safe Browsing and your local CERT to aid in its takedown. Always verify URLs via official Ledger channels and enable hardware wallet transaction verification to mitigate future risks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.122

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5dd29438-9d4f-43d6-bb43-b0dc7092d07b
- PhishDestroy: https://phishdestroy.io/domain/ledger-lonedm.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-lonedm.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-lonedm.pages.dev/

Last updated: 2026-03-22