# ledger--live-run.pages.dev — SUSPICIOUS

> PhishDestroy flags ledger--live-run.pages.dev as a Ledger impersonation crypto drainer with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies ledger--live-run.pages.dev as an active brand-impersonation domain targeting Ledger cryptocurrency wallet users. The domain is configured to mimic the official Ledger Live interface and may be used to harvest seed phrases or redirect transactions to attacker-controlled wallets. No drainer kit artifacts have been extracted at this stage, but the site’s layout and language strongly suggest a crypto-draining operation.  

Domain and hosting details are as follows: registered through Cloudflare, Inc., resolving to IP 172.66.47.90, secured with a Google Trust Services SSL certificate, and currently carrying a VirusTotal detection score of 0 out of 95 scanners. The domain was created under Cloudflare’s Pages.dev platform and remains unlisted on Google Safe Browsing as of this assessment. No public blocklists have flagged the domain yet, indicating a low but growing footprint.  

This domain is under active investigation as of seed a744d8, with status marked active and risk level under_investigation. PhishDestroy has flagged the page and is monitoring for further infrastructure pivots or drainer kit deployment. Users are advised to avoid interacting with the domain and verify any Ledger-related links using official channels. Remaining risk is moderate due to the domain’s low detection footprint and potential for rapid expansion in phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.90

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ecb2676b-51d3-43c6-be89-100e8e7011d8
- PhishDestroy: https://phishdestroy.io/domain/ledger--live-run.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger--live-run.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger--live-run.pages.dev/
Last updated: 2026-03-28