# guide-ledger-live-en.pages.dev — SUSPICIOUS > guide-ledger-live-en.pages.dev hosts a Ledger brand impersonation site flagged by 4/95 VirusTotal vendors. ## Summary PhishDestroy security research team identified an active Ledger brand impersonation site hosted at guide-ledger-live-en.pages.dev, which poses a significant risk to cryptocurrency users seeking legitimate Ledger Live guidance. This domain leverages a spoofed interface mimicking Ledger's official platform to deceive visitors into divulging sensitive wallet recovery phrases or connecting fraudulent wallet applications that drain funds. The threat actor has configured the site to rank for search terms like 'Ledger Live download' or 'how to use Ledger Nano', luring users who may not verify the URL carefully. The malicious domain is particularly dangerous as it combines brand deception with potential crypto drainer functionality, making it part of a broader campaign targeting cryptocurrency holders. This domain was flagged by VirusTotal with 4 out of 95 security vendors detecting malicious activity, indicating moderate but notable detection coverage. The domain is registered through Cloudflare, Inc. and resolves to IP address 172.66.47.132. While the SSL certificate is issued by Google Trust Services — a legitimate CA that does not inherently indicate safety — the domain's content and intent clearly violate Ledger's brand guidelines. The registration through Cloudflare's Pages service suggests an attempt to exploit legitimate hosting infrastructure to appear less suspicious to casual observers. Users who accessed this domain should immediately check their browser history and remove any saved credentials related to wallets or exchanges. If wallet recovery phrases were entered on this site, assume the seed phrase is compromised and migrate all assets to a new wallet using official software from ledger.com. Clear browser cache and cookies from this domain, and consider enabling two-factor authentication on all cryptocurrency accounts. Report any suspicious transactions to your wallet provider and monitor accounts for unauthorized withdrawals for at least 30 days. For continued protection, use bookmarked links to official Ledger services and verify SSL certificates match Ledger's official domains. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.132 ## Detection Status - VirusTotal: 4 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b9a640ed-df66-4df1-a527-80d1362ccd1b - PhishDestroy: https://phishdestroy.io/domain/guide-ledger-live-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/guide-ledger-live-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/guide-ledger-live-en.pages.dev/ Last updated: 2026-03-22