# app-ledger-live-eng-us.pages.dev — SUSPICIOUS

> PhishDestroy identifies app-ledger-live-eng-us.pages.dev as a Ledger impersonation scam hosted on Cloudflare, resolving to 188.114.97.3.

## Summary
PhishDestroy identifies the domain app-ledger-live-eng-us.pages.dev as an active brand impersonation scam targeting Ledger users. The domain leverages a fraudulent replica of the official Ledger Live interface to deceive victims into entering sensitive credentials or cryptocurrency wallet details. This attack vector is commonly associated with cryptocurrency drainer kits, which exfiltrate private keys or seed phrases upon submission. The infrastructure is hosted on a Cloudflare Pages endpoint, allowing threat actors to rapidly deploy and cycle domains while maintaining SSL encryption via Google Trust Services, increasing the appearance of legitimacy.  

Technical indicators confirm the domain’s malicious nature. VirusTotal currently reports 0/95 detections, indicating it remains undetected by most antivirus engines. The domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., which is consistent with fast-flux hosting tactics used to evade takedowns. The SSL certificate is issued by Google Trust Services, adding to the domain’s deceptive credibility. As of the latest scan, this domain has not been flagged by Google Safe Browsing (GSB) and remains unblocked by major threat intelligence platforms.  

The domain is currently active and poses a high risk to cryptocurrency users who may mistake it for the official Ledger Live platform. PhishDestroy has flagged this domain for immediate investigation and recommends that users block access at the network and endpoint levels. While the current detection rate is low, the threat remains active and is expected to escalate as more victims report encounters. Users should verify any Ledger-related URL through official channels and avoid clicking links from unsolicited emails or advertisements. Remaining risk is high due to the domain’s undetected status and the potential for rapid propagation across user networks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2b1c2dbf-6e31-4903-a141-8ff35c98e14c
- PhishDestroy: https://phishdestroy.io/domain/app-ledger-live-eng-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-ledger-live-eng-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-ledger-live-eng-us.pages.dev/
Last updated: 2026-03-23