# ledgerco-log.pages.dev — MALICIOUS

> ledgerco-log.pages.dev is a crypto drainer posing as Ledger Live. 8/95 VirusTotal engines flag this phishing domain; avoid clicking any links and report it.

## Summary
The domain ledgerco-log.pages.dev is an active crypto-drainer campaign impersonating the legitimate Ledger Live platform in order to trick users into connecting their wallets so that malicious JavaScript can drain cryptocurrency assets. The infrastructure uses a phishing page hosted on Cloudflare Pages with a Google Trust Services SSL certificate to appear legitimate. This combination of Ledger branding and crypto-drainer kit is designed to harvest private keys, seed phrases, or hot-wallet signatures without raising immediate suspicion.

Technical indicators collected on 2024-05-29 show the domain resolves to IPv4 address 172.66.47.85, is registered through Cloudflare, Inc., and is protected by a Google Trust Services certificate. VirusTotal analysis (engines updated 2024-05-29) yields a detection ratio of 8 positive flags out of 95 participating vendors, placing this sample in a high-risk tier for automated scanning tools. There is no public record of an official creation date, and the domain does not appear on Google Safe Browsing as of the last scan, but it has already been listed by several third-party threat intelligence feeds, increasing the likelihood of fresh discovery by end-users.

Current status is active and the seed hash 388699 confirms the campaign is tracked by PhishDestroy. Immediate response actions include adding the domain and its IP to organizational blocklists, updating browser and DNS filters, and raising user-awareness alerts within the cryptocurrency community. Remaining risk is elevated: because the payload is delivered via JavaScript triggered by a wallet-connect flow, even security-conscious users may inadvertently authorize malicious transactions. Continuous monitoring and takedown coordination with Cloudflare Pages and Google Trust Services are required to mitigate further victimization.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.85

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/24eff48c-55cf-4804-8208-f42a887409d0
- PhishDestroy: https://phishdestroy.io/domain/ledgerco-log.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerco-log.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerco-log.pages.dev/
Last updated: 2026-03-22