# faq-ledger-app-live.pages.dev — SUSPICIOUS > faq-ledger-app-live.pages.dev mimics Ledger’s official site to steal crypto wallet data. Resolves to 172.66.44.91. ## Summary PhishDestroy identifies faq-ledger-app-live.pages.dev as an active brand impersonation domain targeting Ledger users. The site is currently classified as 'under_investigation' with an elevated risk level due to its deliberate mimicry of a major cryptocurrency wallet provider. This threat specifically involves the creation of a fraudulent web page designed to deceive visitors into believing they are interacting with Ledger’s official application, likely for the purpose of harvesting sensitive wallet credentials or installing malware. The domain is operational and actively resolving, posing a direct risk to cryptocurrency holders who may unwittingly interact with it. The current threat classification reflects its ongoing exploitation and the potential scale of harm if users are compromised (Unique seed: 144f93). This domain was flagged by multiple security intelligence sources and exhibits several indicators consistent with malicious impersonation campaigns. According to VirusTotal analysis, the site has not yet been detected by any of the 95 security engines in its database, suggesting a window of opportunity for malicious actors to exploit unsuspecting users. It is registered through Cloudflare, Inc., a common privacy-forward registrar often misused to mask the true ownership of fraudulent domains. The site resolves to IP 172.66.44.91 and is secured with a Google Trust Services SSL certificate, which does not inherently indicate legitimacy due to the ease of obtaining low-cost certificates for malicious purposes. No presence on major blocklists was reported at the time of writing, which may allow the domain to remain accessible for an extended period. The combination of these factors—especially the lack of detection and trusted SSL infrastructure—enhances its credibility among potential victims while masking its malicious intent. To mitigate the risk posed by this domain, users must exercise extreme caution when accessing Ledger-related services online. Avoid visiting or interacting with faq-ledger-app-live.pages.dev entirely, as it is designed to impersonate official Ledger infrastructure. Always verify the authenticity of any Ledger-related domain by cross-referencing it with official sources from Ledger’s website or app store listings. Enable multi-factor authentication (MFA) on all crypto wallets and use hardware wallet verification for transactions. Report any suspected impersonation sites to Ledger’s official support channels and consider using browser extensions or DNS filtering tools that can block known malicious domains proactively. Users should also monitor their wallets for unauthorized transactions and report any suspicious activity immediately to relevant financial and cybersecurity authorities. Remain vigilant: even domains with seemingly trustworthy technical attributes can be weapons in targeted phishing campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.91 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8e37653d-cb92-4262-be82-75f8d953e7b2 - PhishDestroy: https://phishdestroy.io/domain/faq-ledger-app-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/faq-ledger-app-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/faq-ledger-app-live.pages.dev/ Last updated: 2026-04-12