# ledger-desktop-liv.pages.dev — SUSPICIOUS

> ledger-desktop-liv.pages.dev (Cloudflare) is a crypto drainer with 0/95 VirusTotal detections. Avoid connecting wallets or entering seed phrases.

## Summary
PhishDestroy identifies ledger-desktop-liv.pages.dev as a live crypto drainer site currently under investigation. It mimics the legitimate Ledger Live desktop application to trick cryptocurrency users into connecting their wallets and authorizing malicious transactions. The rogue site leverages Cloudflare’s Pages.dev service to host its payload, granting attackers plausible deniability and making takedowns slower. This domain represents a growing trend in browser‑based exploits that silently drain digital assets without requiring file downloads or executable installations.  This domain was flagged on 2024-05-12 via automated behavioral analysis and resolves to IP 172.66.47.104. It was registered through Cloudflare, Inc., hiding the true registrant. Notably, VirusTotal currently reports 0 detections out of 95 engines, indicating low AV coverage. The site uses a Google Trust Services SSL certificate to appear legitimate, and its presence on Cloudflare Pages.dev makes content ephemeral—often disappearing within hours of reporting but reappearing under new subdomains.  If you visited this site, disconnect your wallet immediately. Do not authorize any transactions or enter your seed phrase. Clear browser cache and cookies linked to your crypto activities. Report the domain to PhishDestroy or your wallet provider. Consider revoking any malicious permissions in your wallet settings and monitor on-chain activity for unauthorized transfers. Always access Ledger Live via the official website or app store—never via third-party links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.104

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bdeebe70-2d8d-4bff-9478-658272f7f6c0
- PhishDestroy: https://phishdestroy.io/domain/ledger-desktop-liv.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-desktop-liv.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-desktop-liv.pages.dev/
Last updated: 2026-03-22