# liiv-ledger.pages.dev — SUSPICIOUS

> liiv-ledger.pages.dev linked to a crypto drainer targeting cryptocurrency users. 0/95 VirusTotal detections. Full investigation required.

## Summary

liiv-ledger.pages.dev has been flagged as an active crypto drainer site, specifically designed to steal cryptocurrency assets through deceptive Ledger-themed phishing lures. The domain leverages Cloudflare Pages to host malicious content, evading traditional detection mechanisms while exploiting user trust in legitimate hardware wallet brands. This tactic aligns with rising crypto drainer campaigns that impersonate trusted platforms to siphon funds from unsuspecting victims. The site remains under active analysis as its infrastructure evolves to avoid detection.

This domain was flagged with a current VirusTotal detection rate of 0/95, indicating it has not yet been widely recognized by security vendors despite its malicious activity. It resolves to IP 188.114.96.3, registered through Cloudflare, Inc., and secured with a Google Trust Services SSL certificate. While no blocklist entries have been recorded yet, the absence of detections suggests a newly deployed or rapidly shifting threat that demands immediate scrutiny.

To mitigate risks associated with this crypto drainer, users should avoid interacting with the domain or any associated links, particularly those claiming to offer Ledger wallet services. Organizations should block the domain at the network level and monitor for connections to IP 188.114.96.3. Additionally, cryptocurrency users must verify URLs before entering credentials or transferring assets, prioritizing official channels over third-party sites. Sharing threat intelligence across security teams can help preempt further campaigns leveraging similar tactics.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/liiv-ledger.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/liiv-ledger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/liiv-ledger.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/liiv-ledger.pages.dev/

Last updated: 2026-04-02