# ledgerlogin-cdn.pages.dev — MALICIOUS

> Discover why ledgerlogin-cdn.pages.dev is flagged for Ledger brand impersonation and what actions to take to stay protected.

## Summary
PhishDestroy identifies ledgerlogin-cdn.pages.dev as a high-risk brand impersonation threat targeting Ledger users. This domain attempts to deceive victims by mimicking the Ledger brand, potentially tricking users into divulging sensitive information or credentials. Brand impersonation attacks like this pose significant risks to cryptocurrency holders by facilitating unauthorized access and financial theft.

This suspicious domain was registered through Cloudflare, Inc. and created recently on February 21, 2026. It resolved to the IP address 172.66.45.46 and was found on at least one security blocklist. VirusTotal scans flag it by 15 security vendors out of 95, indicating consensus on its malicious intent. The page title "Suspected phishing site | Cloudflare" confirms that the domain was promptly taken offline, reducing immediate risk.

Users should remain vigilant by avoiding any links to ledgerlogin-cdn.pages.dev and similar domains. Always verify URLs directly through official Ledger channels and avoid entering credentials on suspicious sites. Employing updated security solutions and enabling two-factor authentication on Ledger accounts can further protect against phishing attempts. PhishDestroy recommends reporting suspicious domains and staying informed about emerging threats targeting cryptocurrency brands.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.46
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["igor.ns.cloudflare.com", "keyla.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ac36c-832e-7558-8f3b-95faf0375e97.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/dfeccff6-8bcf-494f-9000-7a5feffadab2
- PhishDestroy: https://phishdestroy.io/domain/ledgerlogin-cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerlogin-cdn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerlogin-cdn.pages.dev/
Last updated: 2026-03-19