# ledger-livee-co.pages.dev — SUSPICIOUS > PhishDestroy identifies ledger-livee-co.pages.dev as an active brand impersonation site falsely posing as Ledger crypto wallet. ## Summary PhishDestroy assesses ledger-livee-co.pages.dev as an elevated-risk brand impersonation domain actively targeting Ledger cryptocurrency wallet users. This site masquerades as the official Ledger Live interface to deceive victims into entering recovery phrases or private keys, enabling direct theft of digital assets stored in Ledger hardware wallets or software wallets. The campaign leverages a high-similarity visual clone of the legitimate Ledger interface to maximize deception, making it a credible threat to users seeking wallet management tools. This domain was flagged by PhishDestroy with exact indicators matching the threat profile: VirusTotal detection ratio of 2 out of 95 security vendors as of the latest scan, registered through Cloudflare, Inc., resolving to IP address 172.66.47.4 via Cloudflare’s CDN, and secured with an SSL certificate issued by Google Trust Services. The domain was registered as part of the .pages.dev subdomain space, commonly used for legitimate projects but frequently abused in spoofing campaigns. While no known inclusion on blocklists was observed at the time of analysis, the low detection rate combined with the use of a trusted SSL issuer increases the likelihood of successful user deception. The site’s configuration under Cloudflare’s infrastructure further complicates takedown efforts due to rapid IP rotation and geolocation masking. To mitigate exposure to this threat, users are advised to access Ledger services exclusively through the official domain ledger.com or the verified Ledger Live application distributed via official app stores. Never enter recovery phrases, private keys, or seed phrases on any web interface, even if it appears authentic. Enable multi-factor authentication where available and verify the SSL certificate issuer and domain spelling before entering sensitive information. If suspicious activity is detected, immediately revoke unauthorized access via the official Ledger dashboard, transfer assets to a newly initialized wallet, and report the domain to Ledger’s abuse team and PhishDestroy for rapid blocklisting. Monitor device firmware and software for updates to reduce attack surface. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.4 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4d02b955-12b4-40b1-9dd9-c61a5dc2b30a - PhishDestroy: https://phishdestroy.io/domain/ledger-livee-co.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-livee-co.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livee-co.pages.dev/ Last updated: 2026-03-21