# ledgrliiv.pages.dev — SUSPICIOUS

> ledgrliiv.pages.dev serves as a brand-impersonation crypto wallet drainer with 0/95 VirusTotal detections. Impersonates Ledger brand. Do not interact.

## Summary

PhishDestroy identifies ledgrliiv.pages.dev as an active cryptocurrency wallet-draining site that impersonates the legitimate Ledger hardware wallet brand to trick users into connecting wallets or entering recovery phrases. This domain operates as a crypto drainer under the guise of Ledger support, leveraging Cloudflare’s Pages platform for hosting through Cloudflare, Inc., with SSL issued by Google Trust Services. The page was flagged with 0 detections out of 95 VirusTotal engines at time of inspection, indicating it remains undetected by many security scanners despite its malicious intent. The site resolves to IP address 188.114.97.3, a Cloudflare edge node used to mask the true origin of the infrastructure. The impersonation centers on replicating Ledger-branded communication, including fake support pages or firmware alerts, to coerce users into surrendering private keys or signing malicious transactions.

If you visited ledgrliiv.pages.dev, disconnect your wallet immediately, revoke any unauthorized permissions in your wallet app, and transfer remaining funds to a clean wallet. Do not enter recovery phrases or connect to unknown sites. Report the domain to Ledger’s official fraud portal and your local cybercrime unit. Monitor wallet transactions for unauthorized activity and consider rotating wallet addresses if exposed. Avoid clicking links in unsolicited messages claiming to be from Ledger—always verify via official channels.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f7c957ee-2ca6-4673-b9f7-8e75708605a8
- PhishDestroy: https://phishdestroy.io/domain/ledgrliiv.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgrliiv.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgrliiv.pages.dev/

Last updated: 2026-03-26