# ledger--live--welcome.pages.dev — SUSPICIOUS

> ledger--live--welcome.pages.dev is a Ledger impersonation site serving a crypto drainer. VirusTotal shows 0/95 detections.

## Summary

PhishDestroy identifies ledger--live--welcome.pages.dev as an active brand impersonation domain designed to deliver a cryptocurrency drainer to unsuspecting Ledger users. The site mimics the official Ledger Live interface to trick visitors into connecting wallets and approving malicious transactions that silently drain funds. Security telemetry places the domain at IP 188.114.96.3 via Cloudflare, Inc., using a Google Trust Services SSL certificate to appear legitimate. Current scanning by VirusTotal shows zero detections out of 95 engines, indicating the payload has not yet been widely flagged by antivirus platforms.

This domain was flagged by PhishDestroy’s automated pipeline on seed 7917e1 and added to the threat database under brand_impersonation with status active. The infrastructure is provisioned through Cloudflare, Inc. with a Google Trust Services certificate, which is commonly abused to host short-lived phishing pages that evade traditional blocklists. Despite zero VirusTotal detections, the domain remains untrusted and should not be accessed for any Ledger-related activities.

Users who visited ledger--live--welcome.pages.dev should immediately revoke any wallet connections made on the site and transfer remaining assets to a clean wallet. Scan connected devices with reputable antivirus software and monitor blockchain transactions for unauthorized transfers. Report the domain to PhishDestroy for further analysis and update browser security extensions to block known malicious domains. Never enter recovery phrases or private keys on unfamiliar sites.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/993c478e-5539-4c85-99cc-618bb059f02b
- PhishDestroy: https://phishdestroy.io/domain/ledger--live--welcome.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger--live--welcome.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger--live--welcome.pages.dev/

Last updated: 2026-03-28