# ledger-liv-home.pages.dev — SUSPICIOUS

> Ledger-Liv-Home.pages.dev is a brand impersonation site stealing crypto without detection; VirusTotal shows 0/95 detections.

## Summary
PhishDestroy identifies an active brand impersonation campaign targeting Ledger users via the domain ledger-liv-home.pages.dev. This fraudulent site mimics the official Ledger brand to deceive victims into entering seed phrases or connecting crypto wallets, enabling fund theft through a crypto drainer kit. The campaign leverages Cloudflare Pages to host its infrastructure, providing both anonymity and plausible deniability to threat actors. The domain was registered under Cloudflare, Inc., and resolves to IP 188.114.97.3, which currently hosts malicious content masquerading as a Ledger support portal or wallet interface.


Technical analysis reveals this threat is under-investigated, with no detections on VirusTotal (0/95) at time of analysis. The domain uses a valid SSL certificate issued by Google Trust Services (GTS CA 1C3), increasing its perceived legitimacy for victims. Registrar data indicates it was deployed recently via Cloudflare’s Pages service, a vector commonly abused for low-cost, high-speed phishing launches. Despite the absence of current blocklist entries, the combination of zero AV detection, legitimate SSL, and targeted brand abuse elevates the risk of successful credential theft or wallet draining. No historical creation date is publicly available due to Cloudflare’s anonymized registration settings.


The campaign remains active, though labeled 'under_investigation' by threat intelligence sources. No official takedown or blocklist inclusion has occurred as of seed 919fcb. Immediate mitigation includes blocking the domain at DNS and network levels, adding the IP (188.114.97.3) to firewall rules, and warning Ledger users to verify URLs via official channels only. Organisations are advised to monitor for associated wallet drainer signatures and scan endpoints for interactions with this domain. While the current risk is assessed as moderate due to undetected status and limited spread, the potential for rapid escalation is high given exploit kit availability and low operational cost. Users should treat any ledger-liv-home.pages.dev link as hostile and report it to Ledger immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledger-liv-home.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledger-liv-home.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-liv-home.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-liv-home.pages.dev/
Last updated: 2026-04-03