# le-igerd-live-learn.pages.dev — SUSPICIOUS > Domain le-igerd-live-learn.pages.dev is a Ledger brand impersonation scam with 0/95 VirusTotal detections. Avoid this credential theft site immediately. ## Summary PhishDestroy identifies the domain le-igerd-live-learn.pages.dev as an active Ledger brand impersonation scam designed to deceive cryptocurrency users into surrendering sensitive credentials. The threat actor leverages Cloudflare Pages to host a spoofed interface mimicking Ledger’s official website, exploiting trust in the brand to trick victims into entering recovery phrases or API keys. This domain resolves to IP 188.114.96.3 and uses a Google Trust Services SSL certificate to appear legitimate, further lowering user suspicion. The campaign is currently under investigation but remains actively accessible, posing a direct risk to cryptocurrency holders. This domain was flagged with 0 detections out of 95 engines on VirusTotal, indicating it has evaded automated detection despite clear malicious intent. It was registered through Cloudflare, Inc., a common tactic to obscure true ownership and avoid takedowns. While the exact creation date is not provided, the use of Cloudflare Pages suggests recent deployment, likely within days or weeks. The domain’s infrastructure aligns with known phishing operations targeting Ledger users, who are often targeted due to the prevalence of recovery phrase theft in cryptocurrency fraud. Given the zero detections on VirusTotal, traditional security tools may fail to block this threat, increasing reliance on manual user vigilance. Users who visited this domain should immediately check their browser history and bookmarks for any accidental access to le-igerd-live-learn.pages.dev. If credentials were entered, revoke all associated API keys and recovery phrases immediately, as they may have been compromised. Use Ledger’s official recovery tool or support channels to verify account safety. Clear cookies and cached data from browsers to prevent session hijacking, and consider enabling two-factor authentication on all cryptocurrency-related accounts. Report the domain to Ledger’s fraud team and submit it to PhishDestroy’s database for further analysis to protect other users. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d48f2cb2-16bf-4c88-b91b-64d2d76b44eb - PhishDestroy: https://phishdestroy.io/domain/le-igerd-live-learn.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/le-igerd-live-learn.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/le-igerd-live-learn.pages.dev/ Last updated: 2026-04-12