# login-ledger-liv.pages.dev — MALICIOUS

> login-ledger-liv.pages.dev is a Ledger-brand impersonation crypto drainer flagged by 11/95 VirusTotal scanners.

## Summary
PhishDestroy identifies login-ledger-liv.pages.dev as an active high-risk crypto drainer designed to steal Ledger cryptocurrency wallet credentials and drain funds. The domain mimics Ledger’s official brand to trick users into entering seed phrases or private keys on a fake login interface hosted on Cloudflare Pages. This tactic is part of a growing trend where threat actors use convincing replicas of legitimate crypto wallet login portals to trick victims into surrendering sensitive wallet data.  

This domain was flagged by PhishDestroy after it was detected impersonating Ledger and resolved to IP 188.114.96.3, currently hosting a fraudulent login page at http://ledger-live-logi-abm.pages.dev/. VirusTotal analysis shows 11 out of 95 security vendors have identified this domain as malicious, with Google Trust Services issuing the SSL certificate. While registered through Cloudflare, the domain uses Cloudflare Pages to host a deceptive login form that closely resembles the legitimate Ledger Live interface. The presence of a Google-issued certificate adds a false sense of legitimacy, which attackers exploit to bypass browser warnings. This domain remains active despite flagging by multiple security tools.  

If you visited login-ledger-liv.pages.dev or entered any wallet credentials, assume your seed phrase or private key has been compromised. Do not enter any more information or send funds. Immediately revoke access to any wallet connected to this domain, transfer remaining assets to a new wallet with a different seed phrase, and enable multi-factor authentication where possible. Use PhishDestroy to verify the authenticity of any Ledger-related links before interacting. Always access Ledger services directly through the official ledger.com domain or the verified Ledger Live application. Report this domain to PhishDestroy to help protect the community from further attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: http://ledger-live-logi-abm.pages.dev/

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/626e737d-51aa-493a-af13-7472d9de1155
- PhishDestroy: https://phishdestroy.io/domain/login-ledger-liv.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/login-ledger-liv.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/login-ledger-liv.pages.dev/
Last updated: 2026-04-12