# lezgers-liives-loggif-ens.pages.dev — SUSPICIOUS

> PhishDestroy identifies lezgers-liives-loggif-ens.pages.dev impersonating Ledger with a drainer kit. Check the full report.

## Summary
PhishDestroy identifies lezgers-liives-loggif-ens.pages.dev as an active brand impersonation phishing domain targeting Ledger users. The fraudulent page mimics the official Ledger Live login portal, complete with a spoofed title and SSL certificate issued by Google Trust Services. This campaign employs a drainer kit designed to steal cryptocurrency wallet credentials and assets, leveraging Cloudflare’s infrastructure to evade detection and prolong its operational lifespan. The domain was flagged under seed b22e9a and remains under active investigation as of the latest scan.  

This domain resolves to IP 172.66.44.176, registered through Cloudflare, Inc. VirusTotal analysis shows 0 detections out of 95 scanners, indicating low detection coverage despite clear malicious intent. The domain was created recently, with no further creation date details available, and the Google Safe Browsing (GSB) status is unconfirmed. It has not yet been added to major blocklists, leaving potential victims exposed to ongoing attacks.  

The domain is currently active and poses a high risk to Ledger users seeking legitimate wallet access. PhishDestroy recommends immediate domain blocking and user awareness campaigns to mitigate exposure. Remaining risk is classified as under investigation due to the absence of VirusTotal detections and blocklist inclusion. Users should verify URLs via official Ledger channels and avoid interacting with this or similar spoofed domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Ledger Live Login | Official Ledger Wallet Setup

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.176

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/317491f1-551d-438c-9b3e-b33cc5fb2c49
- PhishDestroy: https://phishdestroy.io/domain/lezgers-liives-loggif-ens.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lezgers-liives-loggif-ens.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lezgers-liives-loggif-ens.pages.dev/
Last updated: 2026-04-13