# liveledgr-login.pages.dev — SUSPICIOUS

> liveledgr-login.pages.dev is a credential phishing page mimicking Ledger Live. VirusTotal reports 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies liveledgr-login.pages.dev as an active credential harvesting domain designed to steal Ledger Live user credentials. The site is currently under investigation but remains accessible and operational, posing a significant risk to cryptocurrency users who may unwittingly enter their login details. The threat actor leverages a spoofed login interface hosted on Cloudflare Pages, a legitimate service, to lend an air of authenticity to the phishing attempt while obscuring the malicious intent. This tactic is particularly effective against users who rely on visual cues rather than verifying domain authenticity.

Technical indicators reveal that the domain was registered through Cloudflare, Inc., resolves to IP address 172.66.47.91, and utilizes a Google Trust Services SSL certificate to encrypt the phishing page. VirusTotal currently shows 0 detections out of 95 scans, indicating that major security vendors have not yet flagged the domain. This low detection rate highlights the sophistication of the threat actor in evading automated detection mechanisms, likely through the use of Cloudflare’s infrastructure and HTTPS encryption. The domain’s recent deployment and lack of presence on public blocklists further suggest an emerging threat that requires immediate attention from both users and security teams.

To mitigate the risk posed by this credential harvesting campaign, users should avoid accessing Ledger Live or any cryptocurrency-related services via embedded links or redirected pages. Always navigate directly to the official website by manually entering the URL in the browser. Organizations should update their threat intelligence feeds to include this domain and consider blocking the IP address 172.66.47.91 at the network perimeter. Additionally, users who suspect they have entered credentials on this page should immediately revoke any API keys or session tokens associated with their Ledger Live account and enable two-factor authentication where available. Reporting the domain to security vendors and relevant cryptocurrency platforms can help accelerate its takedown and prevent further exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.91

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/liveledgr-login.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/liveledgr-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/liveledgr-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/liveledgr-login.pages.dev/
Last updated: 2026-04-03