# start-ledgerlive-auth.pages.dev — MALICIOUS > start-ledgerlive-auth.pages.dev is a Ledger brand impersonation phishing page flagged by 11/95 VirusTotal vendors. Check the full report. ## Summary PhishDestroy identifies start-ledgerlive-auth.pages.dev as an active domain engaged in Ledger brand impersonation, posing a significant risk to cryptocurrency users. This malicious site mimics the legitimate Ledger Live authentication portal to harvest user credentials and sensitive financial data. The domain is currently live and leverages Cloudflare's infrastructure, including Google Trust Services SSL certificates, to appear legitimate and evade detection. At the time of analysis, 11 out of 95 VirusTotal security vendors flagged this domain for malicious activity, indicating a high level of suspicion among security tools. This domain resolves to the IP address 172.66.46.225 and is registered through Cloudflare, Inc., which is commonly abused by threat actors to host phishing pages. The impersonation of Ledger—a prominent hardware wallet provider—highlights the attackers' intent to deceive users into surrendering their recovery phrases or login credentials. The use of a Google Trust Services SSL certificate further increases the likelihood of user trust, as victims may overlook the suspicious URL structure (pages.dev) in favor of the perceived security indicator. Users who have visited this domain should immediately assess whether they entered any Ledger account credentials, recovery phrases, or other sensitive information. If exposure occurred, users must revoke access to their Ledger accounts, transfer funds to a new wallet, and scan their devices for malware. Additionally, report the incident to Ledger support and consider rotating passwords for other services using the same email. Block this domain at the network level and remain vigilant for follow-up phishing attempts, as compromised credentials often lead to further exploitation. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.225 ## Detection Status - VirusTotal: 11 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d646f2a9-b5a2-4d0a-8e0d-88cc9ef1d050 - PhishDestroy: https://phishdestroy.io/domain/start-ledgerlive-auth.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/start-ledgerlive-auth.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/start-ledgerlive-auth.pages.dev/ Last updated: 2026-03-22