lleditu-xbzjfu-12e0881cbe5c.herokuapp.com
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of lleditu-xbzjfu-12e0881cbe5c.herokuapp.com
This domain appears to host a webpage presenting itself as "Ledger Live," a cryptocurrency wallet and asset-management interface associated in branding with Ledger hardware wallets. The page title, visible logo, and on-page text reference cryptocurrency and NFT wallet functionality, and the screenshot shows a landing page encouraging visitors to click a "Get started" button.
Despite that presentation, the domain itself is a randomly structured subdomain on herokuapp.com rather than an obvious official Ledger-owned web address. Based on the naming pattern, hosting context, and page content, this appears more likely to be a temporary or disposable deployment intended to imitate a financial or cryptocurrency-related service rather than a primary corporate website operated under Ledger's main domain infrastructure.
Safety Assessment for lleditu-xbzjfu-12e0881cbe5c.herokuapp.com
Multiple independent security signals indicate elevated risk at the time of this scan. The site was flagged by 15 out of 91 security engines, and several web-classification sources categorized it as phishing or fraud-related. The page also appears to imitate Ledger branding while being hosted on an unrelated Heroku subdomain, which may indicate a look-alike setup designed to resemble a legitimate cryptocurrency service.
Additional scan context supports caution. A malware scan marked one script file as suspicious, and the domain's IP address is listed on one mail-reputation blocklist; that DNS-based listing is a weaker signal than direct phishing detections, but it still adds some concern. Although major content-malice databases shown here were otherwise clean at the time of this scan, the multi-engine phishing consensus and the branding mismatch are stronger indicators in this case.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid TLS certificate issued through Amazon infrastructure, with certificate validity extending into 2027. It is hosted on Heroku and backed by AWS EC2 infrastructure in Ashburn, Virginia. DNSSEC appears to be enabled for the parent domain configuration, and the nameserver set includes both Heroku DNS and NS1-managed records.
From a technical risk perspective, the main concern is not the certificate or hosting stack itself, but the combination of a disposable-looking Heroku subdomain, cryptocurrency-themed branding, and a suspicious verification-related script. Valid HTTPS on its own does not verify legitimacy, especially for cloud-hosted phishing pages that can be deployed quickly.
Share your experience with this website. Was it safe? Did you encounter any issues?