# live--ledger-usa.pages.dev — SUSPICIOUS

> live--ledger-usa.pages.dev is a crypto drainer site with 0/95 VirusTotal detections, mimicking Ledger brand. Do not connect wallets—close immediately.

## Summary

PhishDestroy identifies live--ledger-usa.pages.dev as an active crypto drainer deploying rogue wallet connection scripts to siphon digital assets from unsuspecting users. This malicious domain (registered via Cloudflare, Inc., resolving to 172.66.47.160 under a Google Trust Services SSL certificate) operates under Cloudflare Pages to host a convincing Ledger-branded interface designed to trick visitors into connecting their wallets. Once a wallet is linked, the drainer silently approves and drains tokens via hidden smart contract calls, often exploiting the ERC-20 approval mechanism. The domain’s deceptive naming (live--ledger-usa.pages.dev) suggests a spoofed US-based Ledger support portal, exploiting the trusted hardware wallet brand to gain credibility.

This domain was flagged with zero detections on VirusTotal (0/95 engines), indicating it evades current detection signatures. It was built on Cloudflare Pages (a common platform for low-cost phishing and malware hosting) and leverages a legitimate Google Trust Services SSL certificate to appear authentic. While the precise creation date is not publicly disclosed, the domain’s recent appearance and active status suggest it was deployed recently—likely within the last few months—as part of a growing wave of cryptocurrency drainer campaigns targeting hardware wallet users. Such sites often emerge rapidly, rotate domains, and disappear after draining sufficient funds, making real-time detection challenging for automated systems.

If you visited live--ledger-usa.pages.dev or entered any credentials or connected a wallet, assume your digital assets are at immediate risk. Disconnect your device from the internet, revoke any unauthorized wallet approvals using tools like Etherscan’s ‘Token Approval Checker’ or Revoke.cash, and transfer remaining funds to a newly generated wallet. Do not reuse wallet passwords or seed phrases. Report the domain to your antivirus provider, Cloudflare abuse channels, and local cybercrime units. Monitor blockchain transactions closely via explorers like Etherscan or Solscan for suspicious outbound transfers. Avoid future visits—this domain is confirmed malicious and under active investigation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.160

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/325702ab-5a35-4bb4-af76-e99780cb34ec
- PhishDestroy: https://phishdestroy.io/domain/live--ledger-usa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live--ledger-usa.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/live--ledger-usa.pages.dev/

Last updated: 2026-03-22