# ldger-live-desktop.wixstudio.com — SUSPICIOUS

> ldger-live-desktop.wixstudio.com impersonates Ledger Live to deploy a credential theft phishing page. VirusTotal flags 1/95 vendors.

## Summary

This domain mimics the official Ledger Live desktop interface to trick users into entering their recovery phrases or private keys, enabling direct theft of cryptocurrency funds. The attacker uses the WixStudio platform to host a visually identical replica of the legitimate Ledger Live interface, targeting users who may overlook subtle URL differences or SSL indicators. Common tactics include fake update prompts, urgency messages (e.g., 'Your wallet is compromised'), and spoofed support chat windows to extract credentials. Users who enter their 24-word recovery phrase or private keys risk immediate loss of funds, as these are the master keys to their wallets.

The domain leverages cloud hosting (IP 34.144.206.118) with a Let's Encrypt SSL certificate to appear legitimate and avoid initial suspicion. PhishDestroy identifies this site as a confirmed credential theft phishing page, with VirusTotal reporting only 1 out of 95 security vendors detecting it at the time of analysis. The domain was likely registered recently, exploiting the trust users place in Ledger’s brand reputation. Registrar information indicates use of a privacy-protected service to obscure ownership details, a common tactic among phishing operators. The low detection rate (1.05%) highlights the stealthiness of this campaign, which relies on social engineering rather than overt malware. Technical indicators such as the mismatched domain (wixstudio.com vs ledger-live.com) and the IP geolocation (hosted on Google Cloud in the US) further confirm its malicious nature.

If you visited this site, immediately disconnect from the internet to prevent any data exfiltration. Never enter your Ledger recovery phrase, seed phrase, or private keys into any website or app outside the official Ledger Live application. Scan your device with reputable antivirus software like Malwarebytes or Windows Defender to check for keyloggers or spyware. Revoke any session tokens or API keys exposed during the visit via your Ledger account dashboard. If you entered credentials, transfer your funds to a new wallet immediately using a clean, offline device. Report the domain to Google Safe Browsing (safebrowsing.google.com/report_phish) and Ledger’s official support channels. Always verify URLs manually (ledger.com/live) and enable Ledger’s 'Passphrase' feature for additional security.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ab8d1191-d9ba-4b98-b9e2-1ac304482c42
- PhishDestroy: https://phishdestroy.io/domain/ldger-live-desktop.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/ldger-live-desktop.wixstudio.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ldger-live-desktop.wixstudio.com/

Last updated: 2026-04-15