# live-ldger-setup.pages.dev — SUSPICIOUS

> Learn how live-ldger-setup.pages.dev is being used in a ‘generic_phishing’ attack. Only 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies a live-ldger-setup.pages.dev domain as an active phishing front mimicking a generic cryptocurrency wallet login interface. This fraudulent resource is currently classified with a risk level of ‘under_investigation’ and demonstrates zero detections across 95 VirusTotal scanners, indicating both low current detection coverage and significant potential for evasion. The site uses a Google Trust Services SSL certificate, resolving to IP 172.66.44.246, and was registered through Cloudflare, Inc., leveraging cloud infrastructure to obscure malicious hosting patterns and prolong operational longevity.

Technical indicators reveal further evasion tactics: the domain is hosted on Cloudflare Pages (pages.dev), a legitimate CDN platform exploited to host malicious content under the guise of benign static hosting. With zero VirusTotal detections at the time of analysis, the threat remains under the radar despite known infrastructure associations. The use of Google’s SSL certificate adds superficial legitimacy, while the IP allocation to a Cloudflare edge node—172.66.44.246—supports fast domain rotation and geolocation obfuscation, a hallmark of modern phishing campaigns targeting digital asset users.

Given the threat type—generic phishing—users should avoid interacting with any login prompts or data entry forms on live-ldger-setup.pages.dev. Enable multi-factor authentication (MFA) on all crypto wallets and exchanges, verify domain spellings manually, and use browser extensions or network-level filters that block known phishing infrastructure. Report suspicious URLs to your security provider and avoid entering credentials on untrusted pages. Monitor financial accounts for unauthorized transactions, especially within 48 hours of potential exposure. Organizations should consider proactive DNS filtering and threat intelligence integration to prevent access to newly registered, low-reputation phishing fronts like this one.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.246

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e83280b4-9c8f-4985-a4c1-41db58c6bfb8
- PhishDestroy: https://phishdestroy.io/domain/live-ldger-setup.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ldger-setup.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-ldger-setup.pages.dev/
Last updated: 2026-03-31