# ledger-livee-download.pages.dev — MALICIOUS

> ledger-livee-download.pages.dev is a high-risk phishing domain impersonating Ledger. Avoid using this site and only download Ledger software from official.

## Summary
PhishDestroy identifies ledger-livee-download.pages.dev as a high-risk phishing domain engaged in brand impersonation targeting Ledger users. This domain attempts to deceive users by mimicking Ledger's legitimate software download channels, posing significant threats to user credentials and digital asset security.

The domain was registered on February 21, 2026, through Cloudflare, Inc., and is resolved to the IP address 172.66.46.242. It has been flagged by 15 out of 95 security vendors on VirusTotal and appears on one known security blocklist, reinforcing its malicious intent. The page title was recorded as "Suspected phishing site | Cloudflare," indicating timely intervention from hosting services to block the site. The use of a deceptive, closely mimicking domain name with an extra letter in "livee" strongly suggests an attempt to confuse users seeking the official Ledger Live software.

Mitigation actions have been effective, as the domain is currently offline, preventing further user harm. PhishDestroy strongly advises users to avoid this domain and only download Ledger applications from official Ledger websites or verified app stores. Continued vigilance and reliance on trusted sources remain critical to safeguarding users from such brand impersonation threats. The unique seed 650dae underscores the importance of recognizing subtle domain manipulations designed to exploit brand trust.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.242
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["nero.ns.cloudflare.com", "elaine.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019baeb8-356b-702e-ad81-745ba8d9c129.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bd3e5c7d-c297-4a32-b065-a5b983f382d4
- PhishDestroy: https://phishdestroy.io/domain/ledger-livee-download.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-livee-download.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livee-download.pages.dev/
Last updated: 2026-03-19