# ledger-live-qas.pages.dev — SUSPICIOUS

> Ledger-live-qas.pages.dev impersonates Ledger and carries a crypto drainer. Verify on PhishDestroy before entering any data. VT 2/95 flagged

## Summary
PhishDestroy identifies ledger-live-qas.pages.dev as an active brand impersonation site currently hosting a crypto-draining operation. This domain is a high-fidelity Ledger clone designed to harvest private keys and seed phrases directly from unwitting users. All activity should be treated as elevated risk; no legitimate Ledger endpoint uses a pages.dev subdomain for authentication or software distribution.

This domain was flagged with 2 out of 95 VirusTotal security vendors, indicating early-stage detection coverage. It resolves to IP 188.114.96.3 via Cloudflare, Inc. and holds a Google Trust Services SSL certificate, which attackers commonly abuse to cloak malicious payloads under a veneer of legitimacy. The site’s Cloudflare registration masks underlying infrastructure details, complicating takedown efforts and prolonging exposure. No transparent creation date is publicly available because Cloudflare anonymizes WHOIS records, but VirusTotal first recorded samples within the last 30 days. Despite its polished appearance, the domain already appears on one known phishing blocklist and maintains a low trust score across multiple reputation engines.

To neutralize this threat, users must avoid interacting with ledger-live-qas.pages.dev entirely. Verify any Ledger-related link by navigating manually to the official Ledger website—never via email, search results, or third-party redirects. Enable multi-factor authentication on all Ledger devices and wallets, restrict device firmware updates to the official Ledger Live app downloaded from ledger.com, and consider transferring assets to hardware wallets with offline seed storage. Report the domain immediately to PhishDestroy, your browser’s safe-browsing tool, and your antivirus provider to accelerate de-listing and block propagation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b3a2b7dc-18f1-47e2-8c91-3d1614cf3626
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-qas.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-qas.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-qas.pages.dev/
Last updated: 2026-03-22