# ledger-liveloginn.pages.dev — MALICIOUS

> PhishDestroy warns of ledger-liveloginn.pages.dev, a Ledger impersonation site flagged for phishing. Learn why it’s dangerous and how to stay safe.

## Summary
PhishDestroy has identified ledger-liveloginn.pages.dev as a high-risk brand impersonation domain targeting Ledger users. This site attempts to deceive visitors by mimicking the appearance and branding of Ledger, a well-known hardware wallet provider, to steal sensitive information such as login credentials and recovery phrases. Although currently taken offline, its creation in February 2026 and presence on a security blocklist indicate a deliberate and recent attack attempt.

This malicious domain leverages Cloudflare’s infrastructure, resolving to IP 172.66.47.130, to host a convincing phishing page. By imitating Ledger’s login interface, it aims to trick users into entering private data that can be exploited to gain unauthorized access to crypto assets. VirusTotal scans flagged the domain with 15 detections out of 95 vendors, confirming its malicious intent. The page title “Suspected phishing site | Cloudflare” further reflects ongoing mitigation efforts to block this threat.

If you have visited ledger-liveloginn.pages.dev, it is critical to immediately cease any interaction with the site and avoid submitting any sensitive information. Users should scan their devices for malware, change passwords associated with Ledger accounts, and enable multi-factor authentication where possible. Reporting this domain to your security team or provider helps prevent further attacks. Staying vigilant against lookalike domains is essential to protect your digital assets in an evolving threat landscape.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.130
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jaziel.ns.cloudflare.com", "naya.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ba78e-95f5-7041-ab65-2dad7da01363.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c0afde0b-e712-4f81-b585-e3c91a29b64b
- PhishDestroy: https://phishdestroy.io/domain/ledger-liveloginn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-liveloginn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-liveloginn.pages.dev/
Last updated: 2026-03-19