# ledg-r--live.pages.dev — SUSPICIOUS

> ledg-r--live.pages.dev hosts a deceptive Ledger Live impersonation posing as a wallet recovery tool. Avoid entering credentials as this phishing site steals.

## Summary
PhishDestroy identifies ledg-r--live.pages.dev as a live phishing domain masquerading as the Ledger Live wallet application, actively harvesting private keys and user credentials to drain cryptocurrency holdings. This domain is not a legitimate Ledger service and should be treated as a high-risk security threat until proven otherwise. The site currently shows 0/95 detections on VirusTotal, indicating it has evaded mainstream detection engines so far, and relies on Cloudflare’s infrastructure (IP 172.66.44.98) with a Google Trust Services SSL certificate to appear legitimate.  

This domain was flagged with a threat type of generic_phishing and is currently under investigation (Status: active). It is registered through Cloudflare, Inc. and resolves to IP address 172.66.44.98 via Cloudflare’s proxy network. The domain uses a valid SSL certificate issued by Google Trust Services, which may help it bypass browser warnings and gain user trust. As of now, no blocklists list this domain, and its low VirusTotal detection rate suggests it is newly active or employing evasion tactics such as fast-flux hosting or dynamic DNS. The presence of ‘pages.dev’ in the domain indicates deployment on Cloudflare Pages, a platform often abused for quick phishing site setups.  

To mitigate risk, users should avoid visiting ledg-r--live.pages.dev entirely. If accidentally accessed, do not enter any wallet recovery phrases, private keys, or Ledger account credentials. Immediately check all connected wallets for unauthorized transactions and revoke any compromised access. Block the domain at DNS level using your router or hosts file, and report it to Ledger’s official phishing reporting channels. Use hardware wallets or official Ledger Live applications only from verified sources. Enable Ledger’s recovery phrase verification and transaction alerts to detect fraud early. Finally, consider using a dedicated browser profile or VM for crypto-related activities to isolate potential threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.98

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7bf729c4-2388-4610-852b-38e250629b5e
- PhishDestroy: https://phishdestroy.io/domain/ledg-r--live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledg-r--live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledg-r--live.pages.dev/
Last updated: 2026-03-22