# ledger-app-live-aql.pages.dev — SUSPICIOUS > ledger-app-live-aql.pages.dev is actively impersonating Ledger for phishing. Verify the full report for IOCs and mitigation steps. ## Summary ledger-app-live-aql.pages.dev — a recently active domain — is currently under investigation for impersonating the Ledger brand, posing a direct threat to cryptocurrency users. This domain has been flagged for brand impersonation and remains active as of the latest assessment. PhishDestroy identifies this domain as a Ledger impersonation page, leveraging Cloudflare's Pages.dev hosting to distribute a fraudulent application interface. Despite its convincing presentation, the domain remains undetected by security vendors, with zero out of 95 VirusTotal scanners currently flagging the URL. Registered through Cloudflare, Inc., the domain resolves to IP address 172.66.47.37 and utilizes a Google Trust Services SSL certificate, enhancing its perceived legitimacy. Notably, this domain has not yet been added to any known threat intelligence feeds, presenting a high-risk window for potential victims. Current indicators suggest that the threat actor is likely testing the domain's effectiveness before scaling operations or incorporating it into wider campaigns. To mitigate risk, security teams should block the domain at network and DNS levels, monitor for similar patterns targeting Ledger or other cryptocurrency brands, and alert end-users to validate application sources through official Ledger channels. Immediate action is advised given the active status and lack of vendor detections. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.37 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d71d5dd3-d70c-4ba8-a5ae-435407480a59 - PhishDestroy: https://phishdestroy.io/domain/ledger-app-live-aql.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-app-live-aql.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-app-live-aql.pages.dev/ Last updated: 2026-03-22