# leedger-live-desk-top.pages.dev — SUSPICIOUS > WARNING: leedger-live-desk-top.pages.dev impersonates Ledger's desktop app as a crypto drainer. Verify URL legitimacy on PhishDestroy before downloading. ## Summary PhishDestroy identifies leedger-live-desk-top.pages.dev as a live crypto drainer posing as an official Ledger desktop application installer. The domain leverages Cloudflare Pages to host a lookalike interface that prompts users to connect wallets under the guise of updating or initializing their Ledger device. Unsuspecting victims may download a malicious payload that exfiltrates private keys or signs unauthorized transactions, leading to irreversible asset loss. SSL encryption via Google Trust Services adds a false sense of legitimacy, while the current lack of detection on VirusTotal (0/95) highlights the rapidly evolving nature of this threat. This domain was registered through Cloudflare, Inc. and resolves to IP 172.66.46.249. VirusTotal currently shows zero detections despite active abuse, and Cloudflare's infrastructure complicates takedown efforts. The Pages.dev subdomain indicates a quick deployment method favored by threat actors to bypass traditional domain-based blacklists. Security researchers should monitor for additional samples leveraging Ledger branding across similar services as this campaign expands. If you visited this domain or downloaded any files, immediately disconnect from the internet, revoke any wallet connections made through the fake interface, and run a full system scan using reputable antivirus software. Users are strongly advised to verify the legitimacy of Ledger downloads by cross-checking against official sources at ledger.com and using hardware device verification. PhishDestroy recommends reporting the domain and any associated wallet addresses to relevant blockchain monitoring platforms to prevent further fund loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.249 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/dec4a06a-0347-4b43-bb31-f4af481ef1b8 - PhishDestroy: https://phishdestroy.io/domain/leedger-live-desk-top.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/leedger-live-desk-top.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/leedger-live-desk-top.pages.dev/ Last updated: 2026-03-28