# auth-ledger-live-wallet-en-us.pages.dev — MALICIOUS > PhishDestroy identifies auth-ledger-live-wallet-en-us.pages.dev as a Ledger Live wallet brand impersonation phishing domain flagged by 12/95 VirusTotal scanners. ## Summary PhishDestroy identifies the domain auth-ledger-live-wallet-en-us.pages.dev as an active brand impersonation threat targeting Ledger users. This page mirrors the Ledger Live wallet interface to deceive victims into exposing wallet credentials or initiating unauthorized crypto transfers. No custom drainer kit artifacts are visible in open-source reporting, but the page's UI closely mimics the legitimate Ledger Live web wallet to lower victim suspicion and increase successful credential harvesting. This domain was flagged by 12 out of 95 VirusTotal security vendors and resolves to IP 172.66.47.178. It was registered through Cloudflare, Inc. and secured with a Google Trust Services SSL certificate. The blocklist count currently stands at 12/95, indicating partial coverage across threat intelligence platforms. While the exact creation date is not disclosed by the registrar, the domain’s recent indexing and active hosting suggest a recently deployed campaign leveraging cloudflare pages.dev to rapidly shift infrastructure and evade takedown. As of today, this phishing domain remains active with elevated risk to cryptocurrency users. PhishDestroy recommends immediate blocking of both the domain and IP at the network level. Users should only access Ledger Live via the official ledger.com domain. Remaining risk includes continued abuse of legitimate cloud services and rapid domain cycling to sustain the campaign. Monitor for updated indicators and rotate wallet credentials if exposure is suspected. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.178 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/170b3a11-2f26-43f6-aff3-312ed0f8ccbc - PhishDestroy: https://phishdestroy.io/domain/auth-ledger-live-wallet-en-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/auth-ledger-live-wallet-en-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/auth-ledger-live-wallet-en-us.pages.dev/ Last updated: 2026-03-22