# app-ledgerlive--safe.pages.dev — MALICIOUS

> PhishDestroy identifies app-ledgerlive--safe.pages.dev as a Ledger brand impersonation phishing site. 16/95 VirusTotal detections confirm active malicious.

## Summary
PhishDestroy identifies app-ledgerlive--safe.pages.dev as an active cryptocurrency wallet phishing campaign impersonating the Ledger brand to steal user credentials and crypto funds.

This domain poses a clear threat by mimicking the official Ledger Live application interface to trick users into entering their recovery phrases or private keys. Evidence confirms the malicious nature of the site with 16 out of 95 security vendors on VirusTotal flagging it as malicious, and the domain is hosted on infrastructure associated with known phishing operations. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.97.3 and operates under a Google Trust Services SSL certificate to appear legitimate. The elevated risk level is further underscored by the presence of this domain on multiple threat intelligence blocklists, indicating widespread recognition of its malicious intent.

Users who visited app-ledgerlive--safe.pages.dev should immediately cease any interaction with the site and assume their credentials or cryptocurrency assets may have been compromised. Ledger users are advised to revoke any entered recovery phrases or private keys and transfer remaining funds to a newly generated, secure wallet using the official Ledger Live application from ledger.com. Enable two-factor authentication on all related accounts and monitor for unauthorized transactions. If credentials were entered, change passwords immediately and consider enabling credit monitoring. Report the incident to Ledger support and local cybercrime authorities if significant losses occurred.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/97f2e144-1185-4be9-b786-561e4069d440
- PhishDestroy: https://phishdestroy.io/domain/app-ledgerlive--safe.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-ledgerlive--safe.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-ledgerlive--safe.pages.dev/
Last updated: 2026-03-22