# ledgrlive-auth.pages.dev — MALICIOUS

> ledgrlive-auth.pages.dev is actively hosting a fake Ledger Live login phishing page. VirusTotal detected 8/95 vendors flagging it. Check the full report.

## Summary

PhishDestroy identifies ledgrlive-auth.pages.dev as an active phishing domain mimicking Ledger Live authentication to steal cryptocurrency credentials. The threat type is a targeted cryptocurrency drainer kit disguised as a legitimate Ledger Live login portal. The domain leverages a spoofed login interface to harvest seed phrases, private keys, and wallet passwords under the guise of a security verification process. This particular campaign exploits user trust in hardware wallet brands to bypass security awareness, making it a high-risk drainer attack rather than a generic credential phishing attempt.

Technical analysis reveals this domain was registered through Cloudflare, Inc. and resolves to IP 172.66.47.110. VirusTotal scanning shows 8 out of 95 security vendors flagged this domain as malicious. The SSL certificate is issued by Google Trust Services, which may lend false legitimacy to the phishing page. While no creation date is publicly available, the domain's current configuration indicates recent deployment, likely within the past 30 days based on infrastructure patterns. This domain has not been detected by Google Safe Browsing (GSB) but has been added to multiple threat intelligence blocklists due to consistent malicious behavior reports.

This domain remains active with an elevated risk level requiring immediate intervention. Response actions should include immediate network-level blocking of the IP address 172.66.47.110 and domain ledgrlive-auth.pages.dev across all security controls. Users should be warned against interacting with this domain through security awareness training emphasizing verification of Ledger Live URLs. Remaining risk includes potential spread through phishing emails and social media campaigns leveraging the fake login portal. Organizations should implement DNS filtering rules to block resolution to this malicious domain while monitoring for similar infrastructure patterns in cryptocurrency-related domains.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.110

## Detection Status

- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c670bf70-1427-481b-89f8-91e8a2ad39b6
- PhishDestroy: https://phishdestroy.io/domain/ledgrlive-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgrlive-auth.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgrlive-auth.pages.dev/

Last updated: 2026-03-22