# app-ledgerlive--safe-3w5.pages.dev — MALICIOUS > PhishDestroy identifies app-ledgerlive--safe-3w5.pages.dev as a Ledger brand impersonation phishing domain. ## Summary PhishDestroy identifies app-ledgerlive--safe-3w5.pages.dev as an active brand impersonation phishing domain targeting Ledger users. This fraudulent site mimics the legitimate Ledger Live application interface to deceive victims into entering sensitive recovery phrases or wallet credentials under the guise of a "safe" update or security check. The threat actor leverages the trust associated with Ledger’s brand to deliver a convincing social engineering attack designed to harvest private keys, seed phrases, or other authentication details critical to cryptocurrency wallet security. This domain was flagged by 12 out of 95 VirusTotal security vendors, indicating elevated risk. It resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., using a Google Trust Services SSL certificate to enhance its appearance of legitimacy. The site’s .pages.dev subdomain under Cloudflare Pages suggests an attempt to rapidly deploy and rotate infrastructure to evade detection. Although the exact creation date is not specified in available intelligence, the combination of low detection coverage and professional SSL issuance underscores the sophistication and adaptability of the threat actor. If you have visited app-ledgerlive--safe-3w5.pages.dev, immediately disconnect from the internet, check your device for unauthorized applications or browser extensions, and inspect wallet interfaces for signs of compromise. Do not enter any recovery phrases, passwords, or private keys on this site. Revoke any credentials exposed and transfer assets to a newly initialized wallet using official Ledger software from ledger.com. Report the domain to Ledger’s phishing reporting channel and consider scanning your system with reputable antivirus tools. Exercise heightened caution with any unsolicited communication referencing Ledger or cryptocurrency updates. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a57dbe0a-b05a-4eee-a13f-40a0227eb9e3 - PhishDestroy: https://phishdestroy.io/domain/app-ledgerlive--safe-3w5.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/app-ledgerlive--safe-3w5.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app-ledgerlive--safe-3w5.pages.dev/ Last updated: 2026-03-22