# ledjjer-live-desktop.pages.dev — SUSPICIOUS

> PhishDestroy identifies ledjjer-live-desktop.pages.dev as a crypto drainer targeting cryptocurrency users. VirusTotal score: 0/95 detections. Block immediately.

## Summary
PhishDestroy confirms ledjjer-live-desktop.pages.dev operates as a crypto drainer, a specialized phishing variant designed to illicitly transfer cryptocurrency assets from victims' wallets without authorization. The domain masquerades under a generic 'ledjjer-live-desktop' subdomain, likely leveraging deceptive branding or service impersonation to lure cryptocurrency users into connecting their wallets. No specific drainer kit (e.g., MetaMask or WalletConnect exploit kits) has been identified in open-source intelligence, though the domain's structure suggests a fake live streaming or desktop service platform as a decoy for wallet connection requests.

Technical indicators for ledjjer-live-desktop.pages.dev are as follows: the domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate. VirusTotal currently reports 0 detections out of 95 scanners, indicating evasion of signature-based detection mechanisms. While the exact registration date is not disclosed in available records, this domain has been flagged as active and is not currently listed on Google Safe Browsing (GSB) blocklists. Additionally, no prior entries referencing this domain in threat intelligence databases were found during initial investigations.

As of this report, ledjjer-live-desktop.pages.dev remains active and under investigation, posing an active risk to cryptocurrency users. Immediate actions include blocking the domain at the network level and advising cryptocurrency platforms to flag or blacklist the domain and associated IP (188.114.97.3). Users should avoid interacting with the domain or any linked wallet connection prompts. The site is currently unflagged by major blocklists and antivirus engines, emphasizing the need for proactive threat hunting and behavioral detection measures. Remaining risk is high due to active status, cryptocurrency targeting, and current lack of detection coverage.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/11e2cea8-1a26-4219-a451-ffeb0c5867c7
- PhishDestroy: https://phishdestroy.io/domain/ledjjer-live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledjjer-live-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledjjer-live-desktop.pages.dev/
Last updated: 2026-03-23