# download--ledgerlive-us.pages.dev — SUSPICIOUS

> download--ledgerlive-us.pages.dev is a Ledger impersonation site pushing a crypto drainer kit. 2/95 security vendors flagged this domain—verify on PhishDestroy.

## Summary
download--ledgerlive-us.pages.dev is an active crypto drainer domain masquerading as Ledger Live to steal cryptocurrency. The site leverages a spoofed UI and malicious JavaScript to siphon wallet funds upon wallet connection. PhishDestroy analysis confirms the drainer kit is operational and harvesting seed phrases and private keys.


This domain resolves to IP 172.66.44.175 and is registered through Cloudflare, Inc. using Google Trust Services SSL. VirusTotal shows 2 of 95 security vendors currently flagging the domain. The unique seed 9a1ce6 ties this sample to a tracked brand-impersonation campaign first observed on 2024-05-12. The page remains unblocked by Google Safe Browsing at time of analysis and is absent from major blocklists, indicating a low detection footprint.


As of the latest scan, download--ledgerlive-us.pages.dev remains live and responsive, pushing the drainer payload to visitors. PhishDestroy has escalated the domain to Tier-1 takedown and is coordinating with Cloudflare Trust & Safety for immediate deactivation. Users should avoid this domain entirely and verify any Ledger-related links via PhishDestroy’s lookup tool. Residual risk persists due to the domain’s short age and low blocklist coverage, warranting continued monitoring.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.175

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fe687451-9b51-45a1-865a-4d0e23bdc544
- PhishDestroy: https://phishdestroy.io/domain/download--ledgerlive-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/download--ledgerlive-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/download--ledgerlive-us.pages.dev/
Last updated: 2026-03-22