# ledger-lonedo.pages.dev — MALICIOUS

> ledger-lonedo.pages.dev is a confirmed crypto drainer posing as Ledger Live. Block this domain due to 14/95 VirusTotal detections and active drainer activity.

## Summary

The domain ledger-lonedo.pages.dev is a live crypto drainer impersonating Ledger Live, leveraging a trustworthy Pages.dev subdomain to deceive victims. This threat is associated with seed 75b45a, indicating a known drainer kit variant tracked in cybersecurity threat databases. The campaign specifically targets cryptocurrency users by mimicking legitimate Ledger communication channels, aiming to trick users into connecting wallets or entering seed phrases under false pretenses. This is part of a broader trend where threat actors abuse reputable cloud hosting services like Cloudflare Pages to host malicious drainer scripts that silently drain funds from connected wallets.

Forensic analysis confirms this domain resolves to IP 172.66.44.233 via Cloudflare, Inc., with Google Trust Services providing the SSL certificate. VirusTotal flags this domain as malicious with a detection ratio of 14 out of 95 security vendors, underscoring its elevated risk profile. The domain is configured on a Pages.dev subdomain, which is a common tactic to evade traditional domain-based blocklists while leveraging the reputation of Pages.dev for initial access. It is currently unlisted on Google Safe Browsing, and aggregate threat intelligence indicates no formal takedown actions have been initiated as of this report.

This domain remains ACTIVE and poses an elevated risk to cryptocurrency users. Security researchers and end users should immediately block or avoid ledger-lonedo.pages.dev. If accessed, users should disconnect their wallets, revoke any connected permissions, and check for unauthorized transactions. The persistent use of Pages.dev and Cloudflare infrastructure suggests adaptation to detection mechanisms, requiring continuous monitoring and updated blocklists.

Remaining risk includes ongoing drainer activity and potential evolution into new campaigns targeting additional brands or platforms.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.233

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6bacabee-bb75-401b-9a69-e620aaa7ecd2
- PhishDestroy: https://phishdestroy.io/domain/ledger-lonedo.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-lonedo.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-lonedo.pages.dev/

Last updated: 2026-03-22