# ledgerliveloginnn.pages.dev — MALICIOUS

> Avoid ledgerliveloginnn.pages.dev—confirmed Ledger impersonation phishing site, now offline. Stay alert to protect your crypto assets.

## Summary
PhishDestroy identifies ledgerliveloginnn.pages.dev as a high-risk phishing domain actively engaging in brand impersonation targeting Ledger users. This domain was created recently and was designed to mimic Ledger’s login interface, posing a significant threat to individuals seeking to access cryptocurrency wallets securely. The fraudulent nature of this site places users at elevated risk of credential theft and subsequent financial loss.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.47.77. It appeared on a known security blocklist and was flagged by 15 out of 95 VirusTotal security vendors, confirming consensus about its malicious intent. The page title detected was "Suspected phishing site | Cloudflare," indicating that hosting providers took notice and flagged the site. The use of a Cloudflare Pages subdomain suggests attackers leveraged trusted infrastructure to evade initial detection.

Mitigation efforts have been successful as the domain is currently offline, reducing immediate risk to potential victims. Users are advised to remain vigilant against similar phishing attempts, especially those impersonating Ledger or other cryptocurrency brands. It is recommended to verify URLs carefully and avoid entering sensitive credentials into any suspicious portals. PhishDestroy will continue to monitor this domain and related campaigns to provide timely alerts and protect the community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.77
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jaziel.ns.cloudflare.com", "naya.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ae169-5d7e-773c-982c-9ee9826ae742.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5908a653-559f-4f74-86d0-3502d2cb259e
- PhishDestroy: https://phishdestroy.io/domain/ledgerliveloginnn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerliveloginnn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerliveloginnn.pages.dev/
Last updated: 2026-03-19