# start-ledgerlive.pages.dev — SUSPICIOUS

> This Cloudflare-hosted domain impersonates Ledger's official site and was flagged by Google Safe Browsing for social engineering.

## Summary
PhishDestroy identifies start-ledgerlive.pages.dev as a live brand impersonation site targeting cryptocurrency hardware-wallet users. The page mimics Ledger’s branding at start-ledgerlive.pages.dev to trick visitors into entering seed phrases or wallet credentials. Attackers often register short-lived pages under reputable domains—here pages.dev, a Google service—hoping to evade early detection by security scanners.


This domain was flagged by Google Safe Browsing under the social-engineering category on 2025-06-13 and currently resolves to 172.66.44.111. Registered through Cloudflare, Inc., the site operates with an SSL certificate issued by Google Trust Services, giving it an initial veneer of legitimacy. According to VirusTotal aggregates as of 10:07 UTC on the same day, the domain shows 0 detections across 95 scanners, underscoring the importance of manual verification for recently deployed deception sites.


If you visited start-ledgerlive.pages.dev, assume your browser may have downloaded scripts or cookies designed to harvest session data. Disconnect from the internet immediately, clear your browser cache and cookies, and scan your device with trusted security software. Revoke any session tokens or API keys that could have been exposed. Always access Ledger services directly via ledger.com or the official Ledger Live application, and enable two-factor authentication on all accounts. Report the domain to Google Safe Browsing and your wallet provider to help block further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.111

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/start-ledgerlive.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/start-ledgerlive.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-ledgerlive.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-ledgerlive.pages.dev/
Last updated: 2026-04-06