# ledgerlive-desktop-en.pages.dev — SUSPICIOUS

> Page hosting fake Ledger Live Desktop installer via Cloudflare (VirusTotal 0/95). Identified as crypto wallet drainer kit. Check the full report.

## Summary
PhishDestroy identifies ledgerlive-desktop-en.pages.dev as a live brand impersonation site masquerading as the official Ledger Live Desktop installer. The domain deploys a drainer kit targeting cryptocurrency wallet users by prompting downloads of a malicious executable disguised as a legitimate installer. Analysis shows the attacker leverages a Cloudflare Pages deployment to host the phishing content on 188.114.96.3, evading traditional detection while mimicking Ledger’s branding to harvest seed phrases and private keys.

Technical indicators confirm this threat remains undetected with 0 detections on VirusTotal out of 95 engines, registered through Cloudflare, Inc. The domain resolves to IP 188.114.96.3 and operates under a Google Trust Services SSL certificate. Creation date is recent, matching Cloudflare Pages’ auto-generated subdomain pattern, and it remains unblocked by Google Safe Browsing as of this assessment. Current blocklist coverage is zero, indicating active exposure to potential victims.

This domain is currently active and under investigation, with no takedown action confirmed. Remaining risk is high due to zero detection rates and the use of a reputable hosting/CDN provider. Users are advised to avoid downloading installers from unofficial domains, verify URLs via official Ledger channels, and report any encounters to PhishDestroy for further analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b08aace4-d088-447f-8446-7ed60e5e5cd9
- PhishDestroy: https://phishdestroy.io/domain/ledgerlive-desktop-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerlive-desktop-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerlive-desktop-en.pages.dev/
Last updated: 2026-03-22