# first-ledger-live-login-cdn-us.pages.dev — MALICIOUS

> PhishDestroy identifies first-ledger-live-login-cdn-us.pages.dev as a Ledger brand impersonation domain, flagged by 7/95 VirusTotal vendors.

## Summary
PhishDestroy identifies first-ledger-live-login-cdn-us.pages.dev as an active brand impersonation phishing domain targeting Ledger users. This domain mimics the legitimate Ledger login portal to harvest credentials and sensitive financial data. The threat actor leverages Cloudflare Pages to host a spoofed interface resembling the official Ledger Live CDN, increasing credibility and reducing user suspicion.  This domain was flagged by 7 out of 95 VirusTotal security vendors, indicating moderate but elevated threat detection. It was registered through Cloudflare, Inc., and resolves to IP 172.66.44.196. The SSL certificate is issued by Google Trust Services, adding a false sense of legitimacy. The use of a Cloudflare Pages subdomain (pages.dev) further obfuscates the malicious intent, as such domains are often used in legitimate contexts but can be repurposed for phishing.  If you visited this domain, do not enter any credentials or personal information. Disconnect from the site immediately and inspect your device for unauthorized access or malware. Report the domain to Ledger’s official phishing reporting channel and revoke any credentials that may have been exposed. Use a reputable security tool to scan for compromise and monitor financial accounts for suspicious activity. Always verify URLs via official Ledger channels before entering sensitive data.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.196

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ca4df4ea-ac9c-472b-ad8c-920dd8f03b17
- PhishDestroy: https://phishdestroy.io/domain/first-ledger-live-login-cdn-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/first-ledger-live-login-cdn-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/first-ledger-live-login-cdn-us.pages.dev/
Last updated: 2026-03-22