# ledger-live-download-b2n.pages.dev — SUSPICIOUS

> PhishDestroy warns about ledger-live-download-b2n.pages.dev, a crypto drainer impersonating Ledger Live. This Google Trust Services domain (IP: 188.114.97.

## Summary
PhishDestroy identifies an active brand impersonation campaign targeting Ledger users via the domain ledger-live-download-b2n.pages.dev. This page is a crypto drainer posing as the official Ledger Live download portal, engineered to steal cryptocurrency funds and harvest seed phrases. The threat level is classified as elevated due to its active status, deceptive branding, and use of a crypto drainer payload, which poses immediate financial risk to users who engage with it.  

This domain was flagged by 2 out of 95 security vendors on VirusTotal, indicating low but present detection. It resolves to IP address 188.114.97.3 and uses an SSL certificate issued by Google Trust Services, which may enhance its perceived legitimacy. The domain is registered through Cloudflare, Inc., and hosted on Cloudflare Pages (pages.dev), a platform often abused for phishing due to its free tier and legitimate appearance. Its recent creation and lack of presence on major blocklists suggest it is a newly deployed campaign with minimal historic detection, increasing the risk of exposure to unsuspecting users. The domain mimics the Ledger brand precisely to deceive users into downloading malicious software.  

Users are advised to avoid interacting with this domain or any links associated with it. Do not download software from unofficial sources or third-party sites claiming to be Ledger Live. Always verify download links by navigating directly to the official Ledger website (ledger.com) and cross-checking URLs for authenticity. Use hardware wallets like Ledger devices only for transaction signing and never enter seed phrases or private keys on any web interface. Enable multi-factor authentication on all crypto-related accounts and monitor transactions for unauthorized activity. If exposed to this threat, revoke any permissions granted to suspicious apps, transfer assets to a secure wallet, and report the incident to Ledger support and PhishDestroy for further analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/66b4f511-7a17-42f9-9c1d-14911bf3efbc
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-download-b2n.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-download-b2n.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-download-b2n.pages.dev/
Last updated: 2026-03-22