# ledg-r-live.pages.dev — SUSPICIOUS

> ledg-r-live.pages.dev mimics Ledger Live in a phishing attack. 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies ledg-r-live.pages.dev as an active Ledger Live credential phishing site currently under investigation. The domain is not yet flagged by VirusTotal (0 detections out of 95 engines) but is already hosted on Cloudflare Pages and resolves to Cloudflare IP 188.114.96.3 with a Google Trust Services SSL certificate. Registrar data shows Cloudflare, Inc. as the provider, indicating a recent deployment designed to evade legacy blocklists.

This domain was flagged by a fraud-detection pipeline on seed 8b04d4 and shows no detections on VirusTotal as of the latest scan, no listings on Google Safe Browsing or PhishTank, and no negative trust scores on Web of Trust or URLVoid. Despite the absence of third-party flags, the page content closely mirrors the official Ledger Live interface and is served from a Cloudflare Pages subdomain—a known tactic to bypass traditional network-level filters.

To mitigate Ledger Live phishing, users should manually verify URLs against ledger.com, enable Ledger Live’s built-in phishing detection, and use hardware wallet verification for any firmware or app updates. Organizations should deploy browser extensions that compare visited domains against a curated allowlist of legitimate Ledger domains and configure DNS filtering to block known phishing infrastructure. Immediate takedown requests should be filed with Cloudflare Trust & Safety using the active abuse report form while continuing to monitor for new subdomains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/33d49ecf-3de5-4a18-880a-2929a0870a24
- PhishDestroy: https://phishdestroy.io/domain/ledg-r-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledg-r-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledg-r-live.pages.dev/
Last updated: 2026-03-22