# ledgir-live-web.pages.dev — SUSPICIOUS

> Analysts flag ledgir-live-web.pages.dev as a Ledger brand impersonation site suspected of credential theft.

## Summary

PhishDestroy identifies ledgir-live-web.pages.dev as an active brand impersonation domain targeting Ledger cryptocurrency wallet users. The page layout mirrors official Ledger interfaces to harvest seed phrases or credentials, indicating credential theft tactics. Infrastructure analysis associates the page with a crypto-drainer kit profiled in recent private threat feeds.

Technical indicators for ledgir-live-web.pages.dev include a VirusTotal detection ratio of 1/95 security vendors, registration through Cloudflare Inc., and a static IP at 188.114.96.3. The domain secures TLS via a Google Trust Services certificate, confirming active SSL termination. Historical records show Cloudflare Pages deployment, suggesting rapid, disposable infrastructure favored by adversaries to bypass blocklists. As of today, the domain remains unlisted in Google Safe Browsing and has accrued zero entries in major threat intelligence feeds, increasing its evasiveness.

Current status places ledgir-live-web.pages.dev as active and elevated risk due to its impersonation focus on Ledger users—high-value targets for cryptocurrency theft. Response actions include immediate DNS blocklisting at network and endpoint levels, browser policy enforcement via enterprise blocklists, and stakeholder notification to Ledger’s security team. While the immediate threat is mitigated through these controls, residual risk remains due to the domain’s potential to reappear under varied Cloudflare Pages hostnames. Users are advised to verify site authenticity via Ledger’s official domain (ledger.com), enable hardware wallet verification, and report unsolicited clipboard or seed-phrase requests.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledgir-live-web.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledgir-live-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgir-live-web.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgir-live-web.pages.dev/

Last updated: 2026-04-09