# ledgeer--live.pages.dev — SUSPICIOUS

> ledgeer--live.pages.dev impersonates Ledger with an active phishing scam using a Cloudflare-hosted page (IP 172.66.46.

## Summary

ledgeer--live.pages.dev has been identified as an active Ledger brand impersonation phishing site, leveraging the well-known Ledger hardware wallet brand to deceive victims. This domain is confirmed to host a drainer kit designed to harvest sensitive cryptocurrency wallet credentials and seed phrases under the guise of a legitimate Ledger service or update portal. The threat actor appears to be exploiting Cloudflare Pages to deploy the fraudulent content, making the site appear technically legitimate at first glance while hosting malicious content aimed at defrauding cryptocurrency users.

Technical indicators confirm this domain as high-risk, threat actor-controlled infrastructure. The domain resolves to IP address 172.66.46.230 and is registered through Cloudflare, Inc., masking the true origin and ownership. VirusTotal analysis reveals the site is flagged by only 1 out of 95 security vendors, highlighting the stealthy nature of the campaign and the evasion tactics employed. The domain holds a valid SSL certificate issued by Google Trust Services, further enhancing its credibility to unsuspecting users. These factors combined indicate a sophisticated, low-detection threat designed to bypass traditional security measures.

As of the latest assessment, ledgeer--live.pages.dev remains active and accessible. The domain was flagged under seed identifier eb5bb1 during active monitoring. Immediate containment actions include reporting the domain to Cloudflare for takedown and updating browser-based blocklists to include this domain. Users are strongly advised to avoid interacting with this domain or any linked pages. Risk remains elevated due to the site's continued availability and the use of trusted infrastructure providers. Users should verify all Ledger-related communications directly through official channels and ensure their systems are protected with updated security software and DNS filtering solutions. Remaining exposure includes potential credential theft from users who may have already entered sensitive information.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.230

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledgeer--live.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledgeer--live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgeer--live.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgeer--live.pages.dev/

Last updated: 2026-04-09