# support-ledger-live-eng-us.pages.dev — MALICIOUS > support-ledger-live-eng-us.pages.dev is a crypto drainer impersonating Ledger with a fake login page. VirusTotal flags 10/95 vendors. ## Summary PhishDestroy identifies support-ledger-live-eng-us.pages.dev as a live phishing domain masquerading as Ledger’s official support portal. This site specifically targets cryptocurrency users by presenting a spoofed login interface designed to harvest seed phrases or private keys. Upon redirection, visitors are prompted to enter sensitive recovery phrases under the guise of providing ‘account support,’ a common tactic in crypto drainer campaigns that immediately transfers assets to attacker-controlled wallets upon submission. This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating a significant but not universal detection rate. It resolves to IP 172.66.44.152 and is registered through Cloudflare, Inc., leveraging Google Trust Services for SSL encryption to enhance credibility. The use of Cloudflare’s infrastructure obscures the true origin, while the HTTPS certificate creates a false sense of legitimacy. The domain impersonates Ledger’s official branding, mimicking communication formats and UI elements to deceive users familiar with the hardware wallet brand. The seed phrase harvesting mechanism likely integrates with automated drainer scripts that monitor wallet balances and initiate unauthorized transfers within minutes of credential submission. If you visited support-ledger-live-eng-us.pages.dev and entered any cryptocurrency-related credentials or wallet information, immediately disconnect from the internet, revoke any shared wallet access, and transfer remaining funds to a new, isolated wallet. Scan all connected devices for malware and change passwords across all crypto-related accounts. Report the incident to Ledger’s official support and file a complaint with your local cybercrime unit. Avoid engaging with unsolicited support links and always verify URLs via PhishDestroy’s real-time scanner or official Ledger domains before entering sensitive data. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.152 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3e07888c-c902-494c-bc92-5bfc040df591 - PhishDestroy: https://phishdestroy.io/domain/support-ledger-live-eng-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/support-ledger-live-eng-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/support-ledger-live-eng-us.pages.dev/ Last updated: 2026-03-22