# ledger-live-auth-sso.pages.dev — MALICIOUS

> 12/95 security vendors flag this Ledger impersonation site hosted on Cloudflare pages.dev. Check the full report.

## Summary
PhishDestroy identifies an active brand-impersonation campaign targeting Ledger users via the domain ledger-live-auth-sso.pages.dev. This fraudulent site mimics Ledger’s official authentication portal to steal login credentials and seed phrases.

This domain was flagged by exactly 12 of 95 VirusTotal security vendors within hours of creation. It is registered through Cloudflare, Inc., leverages Google Trust Services for its SSL certificate, and currently resolves to IP 172.66.45.8. The page.dev subdomain is a known rapid-deployment tactic for phishing infrastructure.

If you visited this page, immediately disconnect from the internet, scan your device with updated antivirus software, and revoke any entered credentials via Ledger’s official support channels. Do not enter seed phrases or private keys on any unexpected site. Report the domain to Ledger’s phishing team and your local cybercrime unit.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.8

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/df975865-4573-40ad-9843-2e07ff282fc9
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-auth-sso.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-auth-sso.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-auth-sso.pages.dev/
Last updated: 2026-04-12