# ledgr-live-usa.pages.dev — SUSPICIOUS

> ledgr-live-usa.pages.dev impersonates Ledger hardware wallet brand to harvest credentials. Resolves to 172.66.45.

## Summary

Domain ledgr-live-usa.pages.dev has been flagged for active brand impersonation targeting Ledger, a prominent hardware wallet manufacturer. This domain leverages a deceptive naming convention to mimic Ledger’s official services, likely as part of a credential harvesting campaign. While no drainer kit artifacts were identified in initial analysis, the domain’s structure and branding subterfuge strongly suggest a phishing operation designed to trick users into surrendering sensitive wallet-related information.

Technical indicators for this domain reveal a mix of reputable and suspicious characteristics. The domain resolves to IP address 172.66.45.36 and is served via a Google Trust Services SSL certificate, which may lend an air of legitimacy. However, VirusTotal analysis shows 0 detections out of 95 engines, indicating evasion of current detection signatures. Registered through Cloudflare, Inc., the domain was flagged by Google Safe Browsing under the category “SOCIAL_ENGINEERING,” confirming malicious intent. Despite these red flags, no blocklist entries were recorded at the time of discovery, underscoring the stealthy nature of this threat.

As of this advisory, the domain remains active and under investigation with a current risk level classified as “under_investigation.” Immediate containment actions include network-level blocking where feasible and user advisories to avoid interaction. While the SSL certificate and Cloudflare infrastructure complicate takedown efforts, the Google Safe Browsing flag provides a critical enforcement vector. Remaining risk is assessed as high due to the domain’s active status, low detection coverage, and the high-value target (Ledger users). Users are strongly advised to verify all URLs before entering credentials and to consult official Ledger communication channels for legitimate endpoints.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.45.36

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a42a0be1-8de8-4c2c-915e-6d328ba6b352
- PhishDestroy: https://phishdestroy.io/domain/ledgr-live-usa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgr-live-usa.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgr-live-usa.pages.dev/

Last updated: 2026-03-29