# desktop-live-ledgr.wixstudio.com — SUSPICIOUS

> desktop-live-ledgr.wixstudio.com poses as a fake Ledger Live login page to steal crypto wallet credentials.

## Summary

PhishDestroy identifies desktop-live-ledgr.wixstudio.com as a live phishing domain impersonating Ledger Live to harvest cryptocurrency wallet credentials. The threat actor leverages WixStudio’s subdomain hosting to create a convincing fake login portal, tricking users into surrendering private keys or seed phrases under the guise of a desktop application update or security alert. This domain was flagged due to its active SSL certificate issued by Let’s Encrypt, which lends false legitimacy, and its hosting on a Google Cloud IP (34.144.206.118), a common tactic to evade immediate network-level detection. While currently undetected on VirusTotal (0/95 engines), the use of a legitimate hosting provider and free SSL certificate indicates a deliberate attempt to bypass automated scanning tools and deceive cautious users.

This domain exhibits several red flags consistent with credential harvesting campaigns. VirusTotal currently shows 0 detections out of 95 antivirus engines, highlighting its stealthiness against signature-based detection. The domain resolves to a Google Cloud IP (34.144.206.118), a hosting provider frequently abused for phishing due to its high reputation and relaxed abuse policies. While the creation date and registrar are not explicitly listed in the provided intelligence, the presence of a Let’s Encrypt SSL certificate suggests recent activation, as these certificates are typically issued for short-lived domains used in phishing operations. The domain name itself—desktop-live-ledgr.wixstudio.com—employs a homograph-like pattern, replacing 'Ledger' with 'ledgr' to mimic the legitimate Ledger Live application, a common social engineering technique to exploit user trust and oversight.

Users who have visited this domain should immediately cease any interaction and avoid entering credentials, wallet addresses, or private keys. If login details were submitted, users must revoke access to their cryptocurrency wallets via the official Ledger Live application or web portal, enable two-factor authentication (2FA) on all associated accounts, and transfer funds to a new wallet if compromised. Scan all devices used to access the phishing page with updated antivirus and anti-malware tools, as the threat actor may have deployed additional payloads. Report the incident to Ledger’s official support and consider filing a complaint with Google’s Safe Browsing team using the IP address (34.144.206.118) and domain to aid in takedown efforts. Avoid clicking any links or downloading files from this domain, as further malicious activity cannot be ruled out.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/desktop-live-ledgr.wixstudio.com
- PhishDestroy: https://phishdestroy.io/domain/desktop-live-ledgr.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/desktop-live-ledgr.wixstudio.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/desktop-live-ledgr.wixstudio.com/
Last updated: 2026-04-09