# eng-ledger-livedownload.pages.dev — SUSPICIOUS

> eng-ledger-livedownload.pages.dev impersonates Ledger Live to distribute fake downloads. Users risk malware; VirusTotal shows 0/95 detections.

## Summary

PhishDestroy identifies eng-ledger-livedownload.pages.dev as an active brand impersonation phishing domain targeting Ledger cryptocurrency users. This domain employs a deceptive page title, 'Ledger Live Download — Secure Crypto Management,' to mimic the official Ledger Live software download portal. The threat actor leverages Cloudflare Pages for hosting and uses a Google Trust Services SSL certificate to enhance credibility. At this stage, no drainer kit artifacts have been extracted from the page, but the domain’s configuration suggests an imminent malware dropper or credential harvesting toolkit.

eng-ledger-livedownload.pages.dev exhibits the following technical indicators: VirusTotal detection score of 0/95 as of latest scan, registered via Cloudflare, Inc., resolving to IP 172.66.47.41. The domain’s creation date remains unverified due to Cloudflare’s privacy protection, but it remains active and unlisted by Google Safe Browsing (GSB 0). Independent threat intelligence platforms have not yet flagged this domain, resulting in zero blocklist inclusions. The lack of detections underscores the evasive nature of this campaign, relying on fresh infrastructure and superficial legitimacy to deceive users.

This domain remains active and continues to serve deceptive content. Immediate mitigation includes blocking the domain at network and DNS levels, updating browser and endpoint security policies to flag false positives using behavioral analysis, and user education to recognize mismatched branding cues. The residual risk remains high due to low detection coverage and the targeting of cryptocurrency users, who are often less cautious about verifying download sources. Users must treat this domain as hostile and abstain from interaction.

Security teams are advised to monitor for derivative domains and IP associations to prevent downstream compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Ledger Live Download — Secure Crypto Management

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.41

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/eng-ledger-livedownload.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/eng-ledger-livedownload.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-ledger-livedownload.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/eng-ledger-livedownload.pages.dev/

Last updated: 2026-04-11