# connect-ledger-livee-app.pages.dev — SUSPICIOUS > Domain connect-ledger-livee-app.pages.dev linked to Ledger brand impersonation. 0/95 on VirusTotal. Zero detections despite active campaign. Do not interact. ## Summary PhishDestroy identifies a newly active domain, connect-ledger-livee-app.pages.dev, specifically crafted to mimic the official Ledger cryptocurrency wallet platform. This impersonation site poses as a legitimate Ledger Live application portal, aiming to deceive users into entering sensitive credentials or downloading malicious software under the guise of wallet management tools. The threat actor leverages Cloudflare's Pages.dev service to host this replica, capitalizing on legitimate hosting infrastructure to evade basic filtering mechanisms. Given the domain's recent registration and consistent impersonation tactics, there is a high likelihood this infrastructure is part of a broader credential theft or crypto-draining campaign targeting Ledger users. Technical analysis reveals several red flags indicative of malicious intent. VirusTotal currently reports 0 out of 95 security vendors flagging this domain, indicating it remains under the radar despite active abuse. The domain resolves to IP address 188.114.97.3 and utilizes a Google Trust Services SSL certificate, which may lend an air of legitimacy to unsuspecting visitors but does little to mask its underlying malicious behavior. The registrar, Cloudflare, Inc., is a legitimate entity, but the use of their platform to host impersonation content highlights the sophistication of threat actors in exploiting trusted services for nefarious purposes. This combination of low detection rates, recent domain registration, and impersonation of a high-value target like Ledger underscores the elevated risk this domain presents to cryptocurrency users seeking secure wallet solutions. Users who have visited connect-ledger-livee-app.pages.dev or interacted with its content should treat any entered credentials as potentially compromised and immediately reset passwords across all associated accounts, particularly email and Ledger-related services. Enable multi-factor authentication wherever possible and review transaction histories for any unauthorized activity. If cryptocurrency wallets were accessed through this domain, consider transferring remaining assets to newly generated, offline wallets as a precaution. Report the domain to your security team or via your organization’s phishing reporting channels to aid in blocking efforts. Remain vigilant for follow-on phishing attempts, as threat actors often utilize compromised data for targeted follow-up attacks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/74269b4e-8c50-412f-9ac5-0a76a59980b1 - PhishDestroy: https://phishdestroy.io/domain/connect-ledger-livee-app.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/connect-ledger-livee-app.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connect-ledger-livee-app.pages.dev/ Last updated: 2026-03-26