# en-us-ldger-live-download.pages.dev — SUSPICIOUS

> Malicious en-us-ldger-live-download.pages.dev impersonates Ledger Live downloads. Flagged by only 0 of 95 VirusTotal vendors. Check the full report.

## Summary

PhishDestroy identifies the domain en-us-ldger-live-download.pages.dev as an active phishing site masquerading as the official Ledger Live download portal. This domain is currently under investigation but remains live, serving as a primary vector for credential theft and cryptocurrency wallet compromise. The threat involves a convincing imitation of Ledger's legitimate distribution infrastructure, designed to deceive users into downloading malicious software or surrendering sensitive account details.

This domain was flagged by 0 out of 95 VirusTotal vendors as of the latest scan, indicating a low detection rate despite its malicious intent. It was registered via Cloudflare, Inc., resolving to the IP address 172.66.47.113, which is associated with Google Trust Services' SSL infrastructure. The domain leverages Cloudflare Pages to host its phishing content, granting it a veneer of legitimacy while obscuring its true origin. Notably, the SSL certificate issued to this domain is trusted by major browsers, further enhancing its deceptive credibility. At present, this domain has not been widely blocked, with 0 recorded listings on major threat intelligence blocklists, and maintains high trust scores from reputable services.

Investigation into this domain remains ongoing, but immediate defensive measures are strongly advised. Organizations and individuals should block all traffic to en-us-ldger-live-download.pages.dev at the network perimeter and DNS level. Users are urged to verify the authenticity of any Ledger Live download link by cross-referencing it with the official Ledger website (ledger.com) or through their verified support channels.

Additionally, endpoint detection and response (EDR) solutions should be updated to monitor for indicators of compromise associated with this domain, including the IP address 172.66.47.113 and any related artifacts. Proactive user education on recognizing phishing tactics and verifying software sources is critical to mitigating the risk posed by this and similar threats. Security teams should conduct a thorough audit of recent download activities, particularly those involving cryptocurrency wallet software, to identify any potential compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.113

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/78b757e6-755f-4191-a1e9-c17d8f8c8a1a
- PhishDestroy: https://phishdestroy.io/domain/en-us-ldger-live-download.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-ldger-live-download.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-us-ldger-live-download.pages.dev/

Last updated: 2026-03-26