# ledger-livelogin--us.pages.dev — MALICIOUS > ledger-livelogin--us.pages.dev impersonates Ledger to steal crypto via fake login. Verify URLs with PhishDestroy. VT 10/95 vendors flagged. ## Summary PhishDestroy identifies ledger-livelogin--us.pages.dev as an active brand impersonation domain targeting Ledger users with a fraudulent login portal designed to drain cryptocurrency wallets. This domain employs deceptive branding to trick victims into entering recovery phrases or private keys, enabling attackers to siphon funds directly from connected wallets. The threat level is elevated due to the combination of impersonation tactics and the presence of confirmed malicious indicators, including a high-risk detection rate from multiple security vendors. This domain was flagged with a VirusTotal detection score of 10 out of 95 security vendors, indicating significant suspicion. The domain resolves to IP address 172.66.44.57 and is registered through Cloudflare, Inc., leveraging Google Trust Services for its SSL certificate. While the exact creation date is not publicly disclosed, the domain’s association with Cloudflare’s Pages.dev infrastructure suggests recent deployment aimed at evading traditional blocklists. The presence of 10/95 detections on VirusTotal, combined with the impersonation of a high-value brand like Ledger, places this domain at elevated risk for cryptocurrency theft. Mitigation for this threat requires immediate action. Users must avoid interacting with ledger-livelogin--us.pages.dev or any similar domains claiming to offer Ledger Live login services. Always verify URLs by typing them manually or using PhishDestroy’s verification tools to confirm legitimacy. Enable multi-factor authentication on Ledger accounts and use hardware wallets for all transactions. Report suspicious domains to Ledger’s official support channels and consider blocking the IP address 172.66.44.57 at the network level if possible. Stay vigilant for phishing attempts via email, SMS, or social media, as these are common vectors for redirecting users to fraudulent sites. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.57 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/519f4082-5921-4424-87d1-310774fdabf9 - PhishDestroy: https://phishdestroy.io/domain/ledger-livelogin--us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-livelogin--us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livelogin--us.pages.dev/ Last updated: 2026-03-30