# live-ledger-desktop-io-us.pages.dev — SUSPICIOUS

> live-ledger-desktop-io-us.pages.dev is a crypto drainer site pushing fake Ledger Live downloads. 0/95 VirusTotal detections flagged—verify via PhishDestroy.

## Summary
PhishDestroy identifies live-ledger-desktop-io-us.pages.dev as an active crypto-draining site that masquerades as the legitimate Ledger Live desktop application to trick users into downloading and executing malicious software. Once installed, the malware silently drains cryptocurrency wallets by replacing wallet addresses in the clipboard and intercepting browser traffic, often without visible warnings. The payload is delivered through a convincingly spoofed download page hosted on Cloudflare Pages, leveraging Google Trust Services SSL to appear legitimate at first glance.  This domain was flagged by PhishDestroy with unique seed c74533 and is currently under investigation. It resolves to IP 172.66.47.126 and has not yet been detected by VirusTotal, showing 0 detections out of 95 scanners as of the latest analysis. The site is registered through Cloudflare, Inc., which provides fast hosting and SSL termination, making it harder to trace the true origin. Despite its clean VT score, behavioral analysis and code inspection reveal clear indicators of a crypto drainer, including obfuscated JavaScript that monitors clipboard activity and wallet connection requests.  If you visited live-ledger-desktop-io-us.pages.dev, immediately disconnect from the internet and run a full antivirus scan. Do not enter any wallet recovery phrases, passwords, or private keys on the site. If you downloaded any file, isolate it and scan it with multiple tools before execution. Verify any Ledger-related downloads only through the official ledger.com domain. Report the domain to PhishDestroy using seed c74533 to help block further attacks. Consider rotating wallet credentials and enabling hardware wallet protection if you suspect compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.126

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bfbbc544-ea96-4624-9d1f-a0af3152f22c
- PhishDestroy: https://phishdestroy.io/domain/live-ledger-desktop-io-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ledger-desktop-io-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-ledger-desktop-io-us.pages.dev/
Last updated: 2026-03-25