# ledger-livv-us.pages.dev — SUSPICIOUS

> ledger-livv-us.pages.dev impersonates Ledger via brand phishing. VirusTotal flags 0/95 detections. Check the full report now.

## Summary

PhishDestroy identifies an active brand impersonation phishing domain targeting cryptocurrency users of Ledger, specifically ledger-livv-us.pages.dev. This malicious domain mimics Ledger’s official branding and user interface to deceive visitors into divulging sensitive wallet credentials, payment information, or private keys. Hosted on Cloudflare Pages, the site leverages a Google Trust Services SSL certificate to appear legitimate and operates under a subdomain designed to blend with legitimate services.

While currently undetected by most antivirus engines (0 detections on VirusTotal out of 95 scans), the absence of detections does not indicate safety; it reflects the evolving tactics of adversaries who rapidly shift infrastructure to evade static detection rules. The domain resolves to IP address 172.66.44.244, hosted within Cloudflare’s network, a common tactic among phishing operators to obscure origin and complicate takedown efforts.

This domain was flagged for its deliberate imitation of Ledger’s branding, including the use of the corporate blue palette, logo stylization, and fraudulent “live verification” messaging intended to trick users into entering recovery phrases or seed phrases under the guise of a security check.

Technical analysis reveals that the domain was registered through Cloudflare, Inc. via their Pages service, which allows for rapid deployment of static phishing pages with HTTPS support, exploiting trust in legitimate platforms. As of the latest intelligence, VirusTotal scanning engines have not flagged this URL (0/95 detections), and the site remains active with no blocklist entries recorded, indicating a new or under-monitored threat vector. The IP address 172.66.44.244 is associated with Cloudflare’s edge network, further complicating attribution and enabling fast rotation when reported.

Users who have accessed ledger-livv-us.pages.dev or entered any information should immediately cease use of the page and assume compromise. Do not use the same passwords, recovery phrases, or private keys across other services. Revoke any session tokens or API keys exposed, and consider transferring remaining funds to a newly generated wallet from an offline, verified source. Monitor financial accounts and cryptocurrency wallets for unauthorized transactions. Report the domain to your security team and file a complaint with Ledger’s official support channels. Enable hardware wallet security features and phishing-resistant second-factor authentication where available.

This advisory is based on verified threat intelligence and remains under active investigation. Users are advised to treat this domain as hostile until further notice.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.244

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0ec9feb7-fd43-4caa-8e28-98af8a722418
- PhishDestroy: https://phishdestroy.io/domain/ledger-livv-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-livv-us.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-livv-us.pages.dev/
Last updated: 2026-04-13