# my-ledgr-live-us.pages.dev — SUSPICIOUS

> Danger: my-ledgr-live-us.pages.dev is a live crypto drainer mimicking Ledger Live; scan with PhishDestroy before entering wallet info — 0/95 VirusTotal.

## Summary
PhishDestroy identifies my-ledgr-live-us.pages.dev as an active crypto drainer domain masquerading as Ledger Live, leveraging a Google-hosted Cloudflare Pages endpoint to harvest seed phrases and private keys. The threat actor registered the subdomain under Cloudflare, Inc., and serves the drainer kit from IP 188.114.97.3, which currently evades detection engines with a 0 out of 95 VirusTotal score. Google Safe Browsing has not flagged the domain, and no third-party blocklists have yet listed it despite the ongoing campaign.

Technical indicators confirm this domain resolves to 188.114.97.3, operates under a Google Trust Services SSL certificate, and was created through Cloudflare’s Pages platform. VirusTotal shows zero detections across 95 engines as of the latest scan, while Google Safe Browsing has no classification. The registrar is Cloudflare, Inc., and the domain remains unlisted on major threat intelligence feeds, indicating a newly deployed infrastructure with minimal historical artifacts. The drainer kit is delivered via a Cloudflare Pages site, enabling rapid deployment and evasion of traditional signature-based defenses.

The domain is currently active and under investigation, with PhishDestroy tracking the campaign in real time. Immediate response actions include domain takedown requests to Cloudflare and ISPs, while ongoing monitoring continues for related subdomains and IP shifts. Remaining risk is classified as high due to the drainer’s ability to bypass current detection layers and impersonate a trusted hardware wallet service. Users are strongly advised to verify any Ledger Live links using PhishDestroy and avoid entering credentials or seed phrases on untrusted domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/76af4f03-38d7-47d0-9c8f-cd5b5981bdf7
- PhishDestroy: https://phishdestroy.io/domain/my-ledgr-live-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/my-ledgr-live-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/my-ledgr-live-us.pages.dev/
Last updated: 2026-03-21