# live-ledgar-io.pages.dev — SUSPICIOUS

> live-ledgar-io.pages.dev is a live credential theft domain mimicking Ledger wallets. VT currently shows 0/95 detections — investigate now.

## Summary

PhishDestroy identifies live-ledgar-io.pages.dev as an active credential theft domain under investigation for impersonating Ledger cryptocurrency wallets. This domain employs a spoofed branding strategy to harvest user credentials under the guise of a legitimate service. The threat actor leverages Cloudflare’s infrastructure via Google Trust Services SSL certificates, adding a deceptive layer of legitimacy. Immediate validation is recommended due to the absence of VT detections and the weaponized nature of brand impersonation in crypto ecosystems.

This domain was flagged with a risk level of under_investigation and exhibits multiple indicators of compromise. VirusTotal shows 0 out of 95 detections as of the latest scan, underscoring its stealthy deployment. It is registered through Cloudflare, Inc., resolving to IP address 172.66.44.175. The domain’s SSL certificate is issued by Google Trust Services, further masking malicious intent. Notably, the domain uses a Pages.dev subdomain, a tactic commonly exploited for rapid deployment and evasion. While blocklist status remains unverified, the lack of detections suggests a newly active campaign with high evasion potential.

Mitigation requires immediate network-level blocking of the domain and IP address, alongside user awareness campaigns focused on Ledger wallet credential verification procedures. Organizations should audit DNS logs for recent resolutions to 172.66.44.175 or Cloudflare-associated domains. Users must verify all wallet-related communications through official Ledger domains and enable multi-factor authentication. Given the high-risk nature of crypto drainers, proactive threat hunting for similar domains is strongly advised.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.175

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/13ac2986-accc-4fbf-9157-e52397e8d5b6
- PhishDestroy: https://phishdestroy.io/domain/live-ledgar-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ledgar-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/live-ledgar-io.pages.dev/

Last updated: 2026-04-12