# support-ledgerlive-hub.pages.dev — SUSPICIOUS

> Ledger brand impersonation detected on support-ledgerlive-hub.pages.dev via fake support portal. Check the full report.

## Summary

PhishDestroy identifies a Ledger brand impersonation campaign hosted at support-ledgerlive-hub.pages.dev, a subdomain of pages.dev operated through Cloudflare Pages. This domain is currently active and engages in fake support impersonation under the guise of Ledger, the cryptocurrency hardware wallet manufacturer. No drainer kit has been confirmed at this stage, but the site mimics official Ledger support infrastructure to deceive users seeking assistance with their devices. Given the elevated risk of credential theft and cryptocurrency fund loss, immediate scrutiny is warranted for users encountering this domain.

Technical analysis reveals several concerning indicators. The domain resolves to IP address 172.66.44.89 via Cloudflare infrastructure. It holds a valid SSL certificate issued by Google Trust Services, enhancing its appearance of legitimacy. As of current scans, the domain remains undetected on VirusTotal with a score of 0/95 detections and has not been flagged by Google Safe Browsing. The domain was registered through Cloudflare, Inc., though the specific registration date was not provided. Due to its cloaking behavior and impersonation tactics, this domain poses a tangible threat to users seeking legitimate technical support for Ledger devices.

The current status of support-ledgerlive-hub.pages.dev is active, with the threat remaining under investigation by cybersecurity researchers. No public blocklisting has been confirmed at this time. While the immediate risk is elevated due to the domain’s deceptive branding and active hosting, the lack of detection suggests it may be recently deployed or carefully engineered to evade initial scrutiny. Users are advised to avoid interacting with this domain and report any encounters to security teams. Organizations should monitor for similar patterns in support-themed impersonation attacks targeting cryptocurrency users. Remaining risk is classified as active and under investigation, warranting continued monitoring and proactive threat hunting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.89

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/82b8d8d2-a052-444b-b77f-633d33c6ad2e
- PhishDestroy: https://phishdestroy.io/domain/support-ledgerlive-hub.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/support-ledgerlive-hub.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/support-ledgerlive-hub.pages.dev/

Last updated: 2026-03-22