# official--ledger-live.pages.dev — SUSPICIOUS

> PhishDestroy identifies official--ledger-live.pages.dev as a Ledger brand impersonation site flagged by 2/95 VirusTotal vendors.

## Summary

PhishDestroy identifies the domain official--ledger-live.pages.dev as an active Ledger brand impersonation page designed to deceive users into divulging sensitive information. The threat actor leveraged a Pages.dev subdomain to lend false legitimacy to the impersonation, exploiting Ledger's trusted brand to distribute crypto drainer payloads or harvest credentials. The infrastructure behind this domain is consistent with opportunistic campaigns targeting cryptocurrency users by mimicking legitimate service interfaces.

This domain was flagged by 2 out of 95 security vendors on VirusTotal, indicating limited but not negligible detection. The domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc. despite the Pages.dev hosting platform. The SSL certificate is issued by Google Trust Services, which may contribute to a false sense of security. While no specific drainer kit payload has been confirmed, the impersonation strongly suggests intent to harvest private keys or seed phrases under the guise of a Ledger Live interface.

As of this advisory, the domain remains active with no known takedown action. Immediate blocking of the domain and IP is strongly recommended to prevent user exposure. Organizations should update browser and DNS blocklists to include official--ledger-live.pages.dev and 188.114.97.3. Users are advised to avoid interacting with any unsolicited Ledger-branded links and verify all URLs through official channels. The elevated risk of credential theft or crypto asset loss persists as long as the domain remains operational.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8c125e7a-40c8-41f2-ae24-6080600b249a
- PhishDestroy: https://phishdestroy.io/domain/official--ledger-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/official--ledger-live.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/official--ledger-live.pages.dev/

Last updated: 2026-03-22