# ledger--live-us.pages.dev — SUSPICIOUS > ledger--live-us.pages.dev impersonates Ledger with a fake live update phishing scam. Check the full report. ## Summary PhishDestroy identifies ledger--live-us.pages.dev as a fraudulent domain actively impersonating the Ledger brand, posing a credible threat to cryptocurrency users. This domain is currently under investigation but remains active, leveraging deceptive branding to deceive visitors into divulging sensitive credentials or financial information. The threat profile is classified as brand impersonation, a high-risk tactic frequently employed in credential harvesting and malware distribution campaigns targeting crypto investors. This domain resolves to IP address 172.66.47.11 and operates under Cloudflare, Inc. registration, utilizing a Google Trust Services SSL certificate to enhance its appearance of legitimacy. VirusTotal analysis shows 0 out of 95 detection engines flagging the domain, indicating it has not yet been widely recognized as malicious. The domain is hosted on pages.dev, a legitimate service from Cloudflare, which is commonly abused in phishing campaigns due to its free and fast deployment capabilities. Despite its lack of blocklist presence, the combination of brand impersonation, recent deployment, and SSL encryption creates a deceptive surface that may evade user scrutiny and automated defenses. To mitigate exposure to this threat, users should avoid interacting with ledger--live-us.pages.dev and verify the authenticity of all Ledger-related domains by visiting the official website directly. Organizations are advised to block this domain at the DNS and firewall levels and monitor for any associated IP traffic. Security teams should also update threat intelligence feeds with this indicator to enhance proactive detection. Given the domain’s active status and low detection rate, immediate action is recommended to prevent potential compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.11 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ledger--live-us.pages.dev - PhishDestroy: https://phishdestroy.io/domain/ledger--live-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger--live-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger--live-us.pages.dev/ Last updated: 2026-04-04