# legacygrantbank.live — SUSPICIOUS

> legacygrantbank.live is a live banking phishing domain flagged by 2 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies legacygrantbank.live as an active banking phishing domain impersonating legitimate financial services to harvest user credentials and sensitive data.

This domain was flagged by 2 of 95 VirusTotal security vendors, registered through Dynadot Inc on March 17, 2026. It resolves to IP 198.251.84.200 and holds a Let’s Encrypt SSL certificate. With a minimal blocklist presence and low trust scores across threat intelligence platforms, its recent creation and minimal detection underscore its elevated risk to unsuspecting users seeking financial services.

As of this advisory, legacygrantbank.live remains active and poses an immediate threat to individuals attempting to access banking or financial platforms. Organizations and users are strongly advised to block this domain at the network perimeter and endpoint levels, avoid engagement, and report any observed activity to their security teams. Immediate updates to DNS blocklists and SIEM rules are recommended to mitigate potential compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 17:31:23
- Registrar: Dynadot Inc
- IP: 198.251.84.200

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4223c0a7-1091-408e-9e82-6048f2e10589
- PhishDestroy: https://phishdestroy.io/domain/legacygrantbank.live/
- LLM endpoint: https://phishdestroy.io/domain/legacygrantbank.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/legacygrantbank.live/
Last updated: 2026-03-23