# info-ledgrr-live-connect.pages.dev — MALICIOUS

> Avoid info-ledgrr-live-connect.pages.dev, a deceptive site mimicking Ledger. Flagged for social engineering and phishing, now taken offline for safety.

## Summary
PhishDestroy has identified info-ledgrr-live-connect.pages.dev as a malicious domain engaged in brand impersonation targeting Ledger users. Classified as a high-risk phishing threat, this domain was designed to deceive victims by mimicking the legitimate Ledger brand, aiming to harvest sensitive credentials under the guise of trustworthy connection.

Technical analysis reveals that the domain was registered recently on February 21, 2026, via Cloudflare, Inc. Hosting resolved to IP address 172.66.44.184. The domain appeared on one security blocklist and was flagged by Google Safe Browsing as a social engineering threat. VirusTotal detections included 13 out of 95 security vendors, signaling significant consensus about its malicious intent. The page title encountered was 'Suspected phishing site | Cloudflare,' further indicating its illicit use.

As of now, info-ledgrr-live-connect.pages.dev has been taken offline, mitigating immediate risks to potential victims. PhishDestroy continues to monitor associated infrastructure and advises users to remain cautious of similar impersonation attempts. Prompt takedown actions and ongoing vigilance are crucial in countering such deceptive phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.184
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["harleigh.ns.cloudflare.com", "damiete.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ad789-4471-70ae-b7ce-5b9661d96751.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ba7cdc00-e8fe-4b4e-8966-cde7dc30f5ca
- PhishDestroy: https://phishdestroy.io/domain/info-ledgrr-live-connect.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/info-ledgrr-live-connect.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/info-ledgrr-live-connect.pages.dev/
Last updated: 2026-03-19