# lledger-download-live-access.pages.dev — SUSPICIOUS

> Critical alert: lledger-download-live-access.pages.dev is a crypto drainer site with 2/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies lledger-download-live-access.pages.dev as an active crypto drainer operated by malicious actors targeting cryptocurrency users. This domain is specifically designed to deceive victims into connecting wallets to a fraudulent Ledger Live interface, enabling unauthorized cryptocurrency transfers via on-chain drainer scripts. Threat actors leverage a spoofed Google Pages subdomain (pages.dev) to mimic legitimate Ledger services, exploiting trust in cloud-hosted development platforms to bypass traditional browser warnings. The domain resolves to Cloudflare IP 172.66.44.119 with a Google Trust Services SSL certificate, giving it deceptive legitimacy while hosting malicious JavaScript payloads.

This domain was flagged by PhishDestroy with elevated risk status, confirmed through VirusTotal scanning where only 2 out of 95 security vendors detected the threat as of analysis time. The domain is registered through Cloudflare, Inc., with infrastructure hosted on Cloudflare's network to obscure malicious operations. With extremely low detection rates despite active distribution, it represents a high-efficiency threat to cryptocurrency holders seeking updates or access to their digital assets.

Users who visited lledger-download-live-access.pages.dev should immediately revoke any wallet connections made to the site through their wallet provider's connection manager. Disconnect the domain immediately and check for unauthorized transactions on all connected wallets. Clear browser cache and disable any wallet extensions that may have interacted with the domain. Report the domain to your wallet provider and consider transferring remaining assets to a new wallet with a different seed phrase. Enable transaction alerts on all remaining wallets to detect suspicious activity early. This domain should be blocked at network and DNS levels due to confirmed malicious intent.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.119

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f71addb7-cdb5-4602-a454-bce9fb7b39b7
- PhishDestroy: https://phishdestroy.io/domain/lledger-download-live-access.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lledger-download-live-access.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lledger-download-live-access.pages.dev/

Last updated: 2026-03-22