# live-loggin-ledger-com-eng.pages.dev — MALICIOUS

> Avoid live-loggin-ledger-com-eng.pages.dev, a high-risk phishing domain impersonating Ledger. Site offline but stay alert to protect your crypto assets.

## Summary
PhishDestroy identifies live-loggin-ledger-com-eng.pages.dev as a high-risk phishing domain targeting users of Ledger, a popular cryptocurrency hardware wallet brand. This domain poses significant danger by attempting to trick victims into revealing sensitive information, such as recovery phrases or login credentials, which can lead to irreversible financial loss. Despite being taken offline, its recent creation in early 2026 and active detection on security blocklists confirm its malicious intent.

This phishing attack works by impersonating Ledger’s official interface to deceive users into believing they are interacting with legitimate services. The domain was registered through Cloudflare and resolved to an IP address associated with suspicious activity. Its page title, “Suspected phishing site | Cloudflare,” indicates that the hosting provider recognized its fraudulent nature and disabled it. Such domains often lure victims through deceptive URLs and mimic branding to harvest private keys and account details.

If someone has visited live-loggin-ledger-com-eng.pages.dev, they should immediately avoid entering any personal or wallet information and run a security check on their devices. Users are advised to change their Ledger account passwords using official Ledger channels and verify transactions through trusted applications. Monitoring accounts for unauthorized activity and enabling two-factor authentication where possible can mitigate damage. Staying informed through platforms like PhishDestroy helps users recognize and avoid emerging threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.18
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["novalee.ns.cloudflare.com", "vern.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c20f5-0196-704b-b061-c7481fc495a2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/58453464-1985-4602-8160-9ecae1b73f34
- PhishDestroy: https://phishdestroy.io/domain/live-loggin-ledger-com-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-loggin-ledger-com-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-loggin-ledger-com-eng.pages.dev/
Last updated: 2026-03-19