# ledger-live-connects.org — MALICIOUS

> ledger-live-connects.org impersonates Ledger in a high-risk phishing attempt. Domain is offline but flagged on multiple blocklists.

## Summary

PhishDestroy identifies ledger-live-connects.org as a high-risk domain involved in brand impersonation targeting Ledger users. This threat is classified with a high risk level due to its association with phishing activities designed to deceive victims by mimicking the Ledger brand. Although currently offline, the domain's previous activity poses significant security concerns.

Supporting evidence for this assessment includes the domain's presence on three distinct security blocklists and detection by 16 out of 95 security vendors on VirusTotal. The domain was created recently on February 21, 2026, and registered through Shinjiru Technology Sdn Bhd, known for hosting suspicious registrations. Additionally, it has been observed in one AlienVault OTX threat intelligence pulse and resolves to IP address 188.114.97.3. The page title captured was "404 Not Found," indicating the site is no longer serving malicious content.

Mitigation for users involves avoiding this domain due to its past phishing use and brand impersonation tactics. Despite its current offline status, similar domains may emerge, so vigilance around Ledger-related URLs is crucial. Security teams and users should continue to rely on updated blocklists and threat intelligence feeds, such as those referenced here, to prevent exposure to fraudulent Ledger-themed websites like ledger-live-connects.org.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Ledger
- Page title: 404 Not Found

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Shinjiru Technology Sdn Bhd
- Country: MY
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["audrey.ns.cloudflare.com", "leonidas.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 16 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Certego", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019c5447-064c-7283-ac7d-fbee7dcc21e9.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4470f58e-4c5a-4bdd-99d6-ac4fe6f0b5b2
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-connects.org/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-connects.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-connects.org/

Last updated: 2026-03-19