# legderlive.pages.dev — SUSPICIOUS

> legderlive.pages.dev mimics Ledger Live in a phishing campaign hosted on Cloudflare Pages (IP 188.114.97.3). Users risk wallet drainers and credential theft.

## Summary

PhishDestroy identifies legderlive.pages.dev as an active fake-Ledger Live phishing site deployed on Cloudflare Pages. This domain is part of a generic phishing campaign that abuses Ledger-branded UI elements to harvest seed phrases or push malicious drainer scripts. No bespoke drainer kit has been extracted yet; the page likely relies on a pre-built Cryptor or Seedphrase grabber available in underground toolkits. The site presents itself as an online version of Ledger’s desktop app and prompts users for recovery phrases under the guise of updating firmware or restoring wallets.

This domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., which is also acting as the hosting provider via Pages.dev. VirusTotal currently reports 0 detections out of 95 engines, meaning the sample remains undetected by mainstream scanners. The domain holds a valid SSL certificate issued by Google Trust Services, a tactic used to build user trust and bypass browser warnings. Creation date is pending OSINT confirmation; however, the page has been active since at least early evaluation cycles. It is not yet flagged in Google Safe Browsing nor listed on major public blocklists such as PhishTank or OpenPhish, indicating a recent or rapidly evolving campaign.

Current status is active under investigation, with no active takedowns in place as of this report. Immediate user action includes blocking the domain at DNS and firewall levels and warning Ledger users to download the official app only from ledger.com or verified app stores. Remaining risk is elevated due to low detection, SSL trust cues, and the high-value target (crypto wallets). Continued monitoring is recommended until the campaign is neutralized or drained of traffic.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0bf859aa-f5dd-45d3-8a42-7ccddc85d5b3
- PhishDestroy: https://phishdestroy.io/domain/legderlive.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/legderlive.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/legderlive.pages.dev/

Last updated: 2026-03-23