# tgb-ladger-live.pages.dev — SUSPICIOUS

> PhishDestroy identifies tgb-ladger-live.pages.dev as a Ledger wallet drainer kit distributing via Cloudflare Pages. Critical 0/95 VT score observed.

## Summary

Investigation into tgb-ladger-live.pages.dev reveals an active domain impersonating the legitimate Ledger cryptocurrency wallet platform, classified as a drainer kit phishing scheme. The adversary has constructed a convincing replica targeting users managing digital assets via Ledger’s ecosystem. Infrastructure leverages a Pages.dev subdomain hosted on Cloudflare, a tactic commonly observed in modern phishing operations to bypass traditional URL filtering mechanisms. No specific malware payloads have been identified in initial scans, though the threat aligns with browser-based wallet drainer scripts designed to siphon funds from connected wallets upon unauthorized access.

Technical analysis highlights key indicators: the domain resolves to 172.66.45.20, registered through Cloudflare, Inc., and currently exhibits a VirusTotal detection rate of 0/95. The SSL certificate is issued by Google Trust Services, a legitimate authority potentially exploited to enhance trust perception. Historical data suggests recent activation, though exact creation timestamp remains unverified due to Cloudflare’s privacy protections. At present, this domain remains unflagged by Google Safe Browsing and lacks entries across blocklists monitored by security vendors.

The domain remains active as of the latest scan, with risk categorized as 'under investigation' due to evolving threat intelligence. Immediate containment actions include domain takedown requests to Cloudflare and Ledger’s abuse teams. Users are advised to avoid interacting with any tgb-ladger-live.pages.dev URLs and to verify all wallet-related communications via official Ledger domains. Remaining risk includes potential expansion of the campaign across alternative subdomains or infrastructure shifts to evade mitigation efforts.
Continuous monitoring of this seed (e1acea) is underway to track domain and IP evolution.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.45.20

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/86257993-e0f2-4feb-aaf8-51bbfa9767ab
- PhishDestroy: https://phishdestroy.io/domain/tgb-ladger-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tgb-ladger-live.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tgb-ladger-live.pages.dev/

Last updated: 2026-03-22