# live-ldeger-support.pages.dev — SUSPICIOUS > This page is a counterfeit Ledger support scam hosted on Google's Pages.dev, stealing crypto via a 1/95 VirusTotal phishing kit. ## Summary PhishDestroy identifies live-ldeger-support.pages.dev as an active fake-Ledger support phishing site. The domain mimics official Ledger customer-support infrastructure, a known tactic used by crypto-drainer kits to trick users into revealing recovery phrases or authorizing rogue transactions. The page presents itself as a live “Ledger Support” portal but is designed to harvest private keys or seed phrases and then drain victim wallets within minutes. live-ldeger-support.pages.dev exhibits a thin detection profile: only 1 out of 95 VirusTotal security vendors flagged it at the time of analysis. The domain is registered through Cloudflare, Inc., resolving to IP 188.114.96.3 and protected by a Google Trust Services SSL certificate, increasing its appearance of legitimacy. Registrar data shows it is provisioned via Cloudflare Pages, a legitimate hosting product often abused for short-lived phishing lures. While creation timestamps are not supplied, the low VT score and fresh infrastructure suggest rapid deployment for immediate campaign use. Google Safe Browsing currently has no public blocklist listing for the exact domain; however, open threat-intel feeds report multiple drainer kits hosted on similar Pages.dev subdomains, indicating this infrastructure is part of a broader campaign rather than an isolated incident. The site remains active with elevated risk: it successfully evades most automated scanners due to short TTL DNS and Cloudflare’s obfuscation layers. Users who reach the page are prompted to “verify” their device or enter seed phrases; any input is immediately transmitted to attacker-controlled wallets or used to generate fraudulent transaction requests. Until Cloudflare or Google intervenes, the live URL remains dangerous. Users should treat any unsolicited Ledger “support” link with extreme caution, verify contact solely through Ledger’s official website (support.ledger.com), and enable hardware-wallet transaction approvals to block unauthorized transfers. Remaining risk is high while the domain stays resolvable; network defenders are advised to block 188.114.96.3 and the Pages.dev ASN range until takedown. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cfabc685-4075-42e1-a570-dac0d59cb832 - PhishDestroy: https://phishdestroy.io/domain/live-ldeger-support.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/live-ldeger-support.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/live-ldeger-support.pages.dev/ Last updated: 2026-03-23