# ledger-live-us-any.pages.dev — SUSPICIOUS

> PhishDestroy identifies ledger-live-us-any.pages.dev as an active impersonation site mimicking Ledger Live. This domain, resolving to 172.66.44.

## Summary

PhishDestroy identifies ledger-live-us-any.pages.dev as an elevated-risk brand impersonation domain actively masquerading as Ledger Live, a hardware wallet provider. The site deliberately mimics official branding to deceive users into downloading malicious software or surrendering cryptocurrency credentials. Security operations should treat this domain as a confirmed impersonation threat due to its deceptive naming and active infrastructure.

This domain was flagged by PhishDestroy with an elevated risk classification due to clear intent to impersonate a legitimate brand. Security vendor detection stands at 1 out of 95 engines on VirusTotal as of the latest scan, indicating low detection coverage and high evasion potential. The domain is registered through Cloudflare, Inc., and resolves to IP address 172.66.44.138, a hosting environment commonly associated with malicious campaigns. The SSL certificate, issued by Google Trust Services, does not validate the legitimacy of the domain but rather enables encrypted malicious traffic. This infrastructure pattern is typical of short-lived impersonation pages designed to bypass detection.

Threat actors leveraging this domain rely on visual mimicry and time pressure to trick users into interacting with a fraudulent Ledger Live interface. The Pages.dev subdomain adds perceived legitimacy through the use of a reputable platform, though it is intentionally abused to host malicious content. The low detection rate (1/95) suggests that automated defenses are not reliably blocking this campaign, increasing the risk of successful compromise for unaware users. The IP resides within Cloudflare’s infrastructure, which is frequently abused to host phishing and malware distribution pages due to its global reach and caching capabilities.

Users should immediately cease any interaction with ledger-live-us-any.pages.dev and avoid downloading files or entering credentials on the page. Verify all Ledger Live access points by typing the official URL (ledger.com/ledger-live) directly into the browser. Enable multi-factor authentication on all cryptocurrency accounts and use only official Ledger applications downloaded from verified sources. Report this domain to your security team or via PhishDestroy’s submission portal to aid in takedown efforts. Organizations should block the domain at the network level and flag associated IP 172.66.44.138 to prevent internal exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.138

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/59e4a7e1-d246-4c03-bb97-15667acf9240
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-us-any.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-us-any.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-us-any.pages.dev/

Last updated: 2026-03-23