# ledgor-livve.pages.dev — SUSPICIOUS > WARNING: ledgor-livve.pages.dev mimics Ledger to steal crypto. Verified 0/95 VirusTotal detections. Check safety on PhishDestroy now. ## Summary PhishDestroy identifies ledgor-livve.pages.dev as an active brand impersonation scam designed to mimic the legitimate Ledger cryptocurrency wallet platform. This malicious domain deploys a fraudulent interface aimed at tricking users into entering sensitive wallet credentials or downloading malicious software under the guise of a Ledger-related service. The threat actor has engineered the site to appear authentic, leveraging Cloudflare's infrastructure and a Google Trust Services SSL certificate to enhance credibility and evade detection. The domain’s structure—using the ‘pages.dev’ subdomain under Cloudflare Pages—further masks its malicious intent by blending in with legitimate development platforms. Security researchers note that such impersonation attacks are increasingly common in the cryptocurrency space, where attackers exploit brand trust to facilitate fund theft and credential harvesting. This domain was flagged by PhishDestroy with a risk level marked as under_investigation, indicating active scrutiny by cybersecurity teams. Technical indicators include a VirusTotal detection rate of 0 out of 95 antivirus engines as of the latest scan, suggesting it remains under the radar of mainstream security tools. The domain resolves to IP address 188.114.97.3, which is associated with Cloudflare’s hosting infrastructure—a common tactic among threat actors to obfuscate their true origin. The domain is registered through Cloudflare, Inc., a legitimate registrar that is often misused by attackers to rapidly deploy and rotate malicious domains. While the exact creation date is not provided, the use of a Cloudflare Pages subdomain implies recent deployment, likely within the past few months. The absence of blocklist entries at the time of analysis underscores the importance of proactive threat intelligence, as traditional detection mechanisms have not yet caught up with this threat. Users who have visited ledgor-livve.pages.dev should immediately cease any interaction with the site and avoid entering personal or financial information. If credentials or sensitive data were submitted, users must revoke access to their Ledger wallet immediately and transfer funds to a new, secure wallet address. It is critical to scan all connected devices for malware, as the site may have delivered payloads such as crypto drainers or keyloggers. Users are advised to verify the legitimacy of any Ledger-related domains by cross-referencing with official sources, such as the verified Ledger website (ledger.com) or their secure dashboard. Additionally, report this domain to PhishDestroy and relevant cybersecurity platforms to aid in its takedown and prevent further victimization. Proactive monitoring of wallet transactions is strongly recommended to detect any unauthorized transfers promptly. By remaining vigilant and leveraging threat intelligence platforms like PhishDestroy, users can mitigate the risks posed by such impersonation scams and protect their digital assets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c4e656c3-f93a-493b-8f32-1723170365e7 - PhishDestroy: https://phishdestroy.io/domain/ledgor-livve.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledgor-livve.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledgor-livve.pages.dev/ Last updated: 2026-04-12