# ledger-us-live-desktop.pages.dev — SUSPICIOUS

> ledger-us-live-desktop.pages.dev is a crypto drainer impersonating Ledger Live. 2/95 VirusTotal vendors flag this domain. Do not engage.

## Summary

A malicious domain, ledger-us-live-desktop.pages.dev, has been flagged by PhishDestroy as an active crypto drainer targeting cryptocurrency users. The site masquerades as the legitimate Ledger Live desktop application, attempting to deceive victims into connecting their wallets and signing malicious transactions. This appears to be part of a broader campaign leveraging Cloudflare pages.dev domains to distribute drainer kits, which exfiltrate funds from connected cryptocurrency wallets. Users should not interact with this domain under any circumstances.

This domain was registered through Cloudflare, Inc. and resolves to the IP address 188.114.96.3, which is associated with Cloudflare's infrastructure. The SSL certificate is issued by Google Trust Services, potentially adding a false sense of legitimacy. VirusTotal analysis shows a detection rate of 2 out of 95 security vendors, indicating low initial visibility but a confirmed malicious presence. Further investigation suggests this domain is likely a recent creation, though exact registration date details are not publicly disclosed.

The domain remains unlisted in Google Safe Browsing (GSB) at this time, increasing the risk of unknowing user exposure. Analysis of threat intelligence feeds does not reveal additional blocklist entries, so users relying solely on signature-based defenses may remain vulnerable.

As of this advisory, ledger-us-live-desktop.pages.dev is assessed as an active and elevated threat. Immediate action should be taken by organizations to block this domain at DNS and network levels using the provided IP address and domain name. Users are strongly advised to avoid any links or communications referencing this domain, especially those claiming to offer Ledger Live downloads or wallet integrations.
Remaining risk is elevated given the domain’s use of Cloudflare’s infrastructure and SSL certification, which may bypass some security controls. Continuous monitoring and user awareness campaigns are recommended to mitigate exposure to similar evolving threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1a4036d7-386c-457c-bea3-11273b77b7bf
- PhishDestroy: https://phishdestroy.io/domain/ledger-us-live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-us-live-desktop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-us-live-desktop.pages.dev/

Last updated: 2026-03-22