# ledgr-desktop-live.pages.dev — MALICIOUS

> Explore the high-risk brand impersonation attempt by ledgr-desktop-live.pages.dev targeting Ledger users. Now offline and blocked.

## Summary
PhishDestroy identifies ledgr-desktop-live.pages.dev as a high-risk domain engaged in brand impersonation targeting Ledger, a notable cryptocurrency hardware wallet provider. The domain was crafted to deceive users through mimicry of Ledger's branding, aiming to harvest sensitive information or credentials. The risk level is elevated due to the potential financial loss and data compromise associated with such attacks.

This domain was registered on February 21, 2026, through Cloudflare, Inc., and resolved to IP address 172.66.47.167. It appeared on at least one security blocklist and was flagged by 16 out of 95 security vendors on VirusTotal, confirming its malicious nature. The page title encountered—"Suspected phishing site | Cloudflare"—indicates that Cloudflare’s defense mechanisms identified and flagged the content. This infrastructure and detection data lend strong credibility to the classification of the domain as a phishing threat exploiting Ledger’s brand reputation.

Mitigation efforts have been successful, as the domain is currently offline and inaccessible, reducing immediate risk to users. Nonetheless, vigilance is recommended for Ledger users who might have encountered this site. PhishDestroy advises verifying URLs carefully and relying on official Ledger channels. Continued monitoring of similar domain registrations is essential to prevent recurrence of such brand impersonation attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.167
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jade.ns.cloudflare.com", "west.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c73a1-88c2-7098-ba7e-c71e7d02ab1d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bc56532c-7411-481e-b26c-0d09b6406a52
- PhishDestroy: https://phishdestroy.io/domain/ledgr-desktop-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgr-desktop-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgr-desktop-live.pages.dev/
Last updated: 2026-03-19