# download-ledgerrlive.pages.dev — SUSPICIOUS

> download-ledgerrlive.pages.dev is an active crypto drainer posing as Ledger Live software. It is flagged by 1/95 VirusTotal vendors and resolves to 172.66.47.7.

## Summary

PhishDestroy identifies download-ledgerrlive.pages.dev as an active crypto drainer deployed under the fe0797 seed. This domain masquerades as the official Ledger Live application, a legitimate cryptocurrency wallet management platform, to deceive users into downloading malicious software that stealthily drains crypto assets. The threat level is classified as elevated due to the presence of a confirmed crypto drainer payload and low detection rates from security vendors, indicating a relatively new or highly targeted campaign.

This domain was flagged by 1 out of 95 VirusTotal security vendors, showing limited but concerning detection. The domain resolves to IP address 172.66.47.7 and is registered through Cloudflare, Inc., leveraging Google Trust Services for SSL certification. The use of a Cloudflare-hosted pages.dev subdomain suggests an attempt to exploit legitimate platform infrastructure to evade traditional blocklists. While the exact registration date is not provided, the combination of low VT detection, use of a reputable CDN, and presence of a crypto drainer payload indicates a recently activated campaign designed for precision targeting. The SSL certificate issued by Google Trust Services may provide a false sense of legitimacy to users, further increasing the risk of successful deception.

Users are strongly advised to avoid downloading Ledger Live or any cryptocurrency-related software from domains outside of the official ledger.com website. Always verify software sources by checking the domain’s HTTPS certificate issuer, URL spelling, and cross-referencing with official vendor channels. Install browser extensions that monitor and block known crypto drainer domains, and consider using hardware wallets with offline transaction signing to mitigate the risk of remote asset theft. Monitor transaction histories and wallet addresses for unauthorized transfers, especially after interacting with wallet management tools or clicking on links in unsolicited messages. If exposure is suspected, immediately revoke wallet connections, transfer remaining assets to a new, secure wallet, and perform a full system scan using updated antivirus software.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.7

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4c55fd3c-a7b6-40aa-a48e-c1addd286d73
- PhishDestroy: https://phishdestroy.io/domain/download-ledgerrlive.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/download-ledgerrlive.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/download-ledgerrlive.pages.dev/

Last updated: 2026-04-01