# ledger-live-desktop-auth.pages.dev — MALICIOUS > Domain ledger-live-desktop-auth.pages.dev is active in a Ledger brand impersonation phishing campaign and flagged by 14 of 95 VirusTotal vendors. ## Summary ledger-live-desktop-auth.pages.dev — Brand Impersonation Phishing Investigation Report The domain ledger-live-desktop-auth.pages.dev is actively engaged in a brand impersonation phishing campaign targeting Ledger users. This threat is classified as brand impersonation with elevated risk and remains active as of the latest intelligence. The domain mimics the official Ledger Live Desktop application to deceive victims into divulging sensitive credentials or installing malicious software. PhishDestroy identifies that ledger-live-desktop-auth.pages.dev was registered through Cloudflare, Inc. and resolves to IP address 172.66.44.147. This domain has been flagged by 14 of 95 VirusTotal vendors, indicating a high detection rate by security tools. It holds a Google Trust Services SSL certificate but exhibits suspicious behavioral patterns consistent with impersonation campaigns. While the exact creation date is not provided, the current data suggests recent deployment aimed at capitalizing on user trust in the Ledger brand. As of this report, the domain remains active and poses a direct risk to users seeking legitimate Ledger software. It is strongly recommended to block ledger-live-desktop-auth.pages.dev at network and endpoint levels. Users should verify software sources directly from Ledger’s official website (ledger.com) and employ browser-based protections such as uBlock Origin or ad-blockers with anti-phishing lists. Organizations are advised to update threat intelligence feeds and SIEM rules to include this domain and associated IP. Exercise heightened caution when accessing cryptocurrency-related websites and always cross-verify URLs using official channels. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.147 ## Detection Status - VirusTotal: 14 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c58d80e0-cc4a-4ae9-9af7-ad771d9048f6 - PhishDestroy: https://phishdestroy.io/domain/ledger-live-desktop-auth.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-live-desktop-auth.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-desktop-auth.pages.dev/ Last updated: 2026-03-21