# ledg-er-live-us.pages.dev — SUSPICIOUS

> ledg-er-live-us.pages.dev mimics Ledger's official site—posing as a wallet drainer. Resolves to IP 188.114.96.3.

## Summary

PhishDestroy identifies an active brand impersonation campaign leveraging the domain ledg-er-live-us.pages.dev, which fraudulently mimics the legitimate Ledger cryptocurrency wallet service. This domain employs social engineering tactics to deceive users into divulging sensitive wallet credentials or downloading malicious software. Based on available telemetry, the infrastructure appears to be part of a drainer kit designed to siphon cryptocurrency assets from unsuspecting victims. The campaign exhibits a high degree of sophistication in mimicking official branding and infrastructure, indicating a potentially well-resourced threat actor.

This domain resolves to the IP address 188.114.96.3 and is registered through Cloudflare, Inc. VirusTotal currently shows a detection score of 0/95, suggesting it remains under the radar of most security vendors. The domain utilizes a Google Trust Services SSL certificate, further enhancing its legitimacy to end users. Despite its current obscurity, the domain has not been added to Google Safe Browsing (GSB) or other major blocklists as of the latest intelligence. The domain's creation date and additional infrastructure details remain under investigation, but its active status and impersonation of a high-profile brand like Ledger warrant immediate scrutiny.

As of this advisory, ledg-er-live-us.pages.dev remains active and poses an ongoing threat to users seeking legitimate Ledger services. Immediate action is recommended to block this domain at the network perimeter and educate users about the risks of fraudulent wallet services. While the current risk level is marked as under_investigation, the absence of detections and lack of blocklist entries increase the potential for widespread compromise.
Users are advised to verify all URLs, avoid clicking unsolicited links, and consult official Ledger communication channels for legitimate service access. Further monitoring and collaborative threat intelligence sharing are essential to mitigate this evolving risk.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/891abc74-d1dc-4e8c-b263-6a0f39a07638
- PhishDestroy: https://phishdestroy.io/domain/ledg-er-live-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledg-er-live-us.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledg-er-live-us.pages.dev/

Last updated: 2026-03-23