# ledger-live-faq-dku.pages.dev — SUSPICIOUS > PhishDestroy identifies ledger-live-faq-dku.pages.dev as a fake Ledger FAQ phishing site hosted by Cloudflare. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies ledger-live-faq-dku.pages.dev as a brand-impersonation phishing site masquerading as a Ledger FAQ page. This domain uses Cloudflare Pages to host a spoofed support interface, tricking visitors into entering sensitive recovery phrases or seed phrases under the guise of troubleshooting guidance. The site’s design mimics Ledger’s official branding, including the use of familiar color schemes and terminology, to lend false legitimacy. Visitors are at high risk of credential theft, financial loss, or device compromise if they interact with the page or input any information. Ledger users are strongly advised to verify all support links via official channels before engaging. This domain was flagged using automated detection pipelines that analyze domain structure, SSL issuers, and hosting providers. Ledger-live-faq-dku.pages.dev resolves to IP address 188.114.96.3 and uses a Google Trust Services SSL certificate, which is legitimate for Google domains but commonly abused in phishing campaigns via services like Cloudflare Pages. The domain was registered through Cloudflare, Inc., a common choice for threat actors due to its free and fast deployment capabilities. VirusTotal currently shows zero detections out of 95 security engines, indicating that signature-based detection has not yet caught up with this threat. The seed hash 4f1c5f confirms this is a tracked variant within a broader campaign targeting cryptocurrency hardware wallet users. If you visited ledger-live-faq-dku.pages.dev, do not enter any recovery phrases, passwords, or personal information. Immediately disconnect from the site and scan your device using up-to-date antivirus software. Ledger users should check their devices for unauthorized transactions and revoke any exposed seed phrases via the official Ledger Live application. Report the domain to Ledger’s official support channel and consider resetting your recovery phrase if you entered it. Always access Ledger support only through ledger.com or the official Ledger Live application. Enable two-factor authentication on your Ledger account and monitor for unusual activity in your crypto wallets. When in doubt, contact Ledger support directly using verified contact methods. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/04f12b91-3f92-4c19-9682-8e9e0b15e0f4 - PhishDestroy: https://phishdestroy.io/domain/ledger-live-faq-dku.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-live-faq-dku.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-faq-dku.pages.dev/ Last updated: 2026-04-13