# live-logn-ledgr.pages.dev — SUSPICIOUS > live-logn-ledgr.pages.dev mimics a Ledger wallet login page to steal crypto credentials. VirusTotal 0/95 detections — Check the full report. ## Summary PhishDestroy identifies live-lgn-ledgr.pages.dev as a live phishing site impersonating Ledger wallet login portals to harvest cryptocurrency credentials. This fraudulent domain resolves to IP 172.66.47.11 and uses a Google Trust Services SSL certificate to appear legitimate. The page was detected attempting to mimic Ledger’s official authentication flow, tricking users into entering their 24-word seed phrases or private keys. The attacker leverages Cloudflare’s infrastructure to evade detection while hosting the fake login page on Google’s Pages.dev platform, which is commonly abused for phishing due to its free and rapid deployment capabilities. This domain remains under active investigation with 0 confirmed detections on VirusTotal as of the latest scan, indicating it has not yet been widely blacklisted. Cloudflare, Inc. registered the domain, and the SSL certificate issued by Google Trust Services further lends false credibility to the scam. The domain’s infrastructure aligns with known phishing campaigns targeting cryptocurrency users, focusing on Ledger hardware wallet owners who may be less familiar with newer phishing tactics. The lack of detections underscores the importance of real-time monitoring, as threat actors continuously refine their obfuscation techniques to bypass automated detection systems. Users who visited live-lgn-ledgr.pages.dev should IMMEDIATELY assume their Ledger credentials or seed phrases were compromised and take protective action. Disconnect the device from the internet, transfer all remaining funds to a new, secure wallet, and revoke any app permissions linked to the compromised Ledger device. Report the incident to Ledger’s official support and file a complaint with your local cybercrime unit. Monitor accounts for unauthorized transactions and consider enabling multi-factor authentication on all crypto-related accounts. For a full technical breakdown and indicators of compromise, refer to the complete PhishDestroy advisory linked in our report. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.11 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/39869857-16fa-4cbe-9219-fcb7db9fe6e6 - PhishDestroy: https://phishdestroy.io/domain/live-logn-ledgr.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/live-logn-ledgr.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/live-logn-ledgr.pages.dev/ Last updated: 2026-03-24