# adv-ledgr-wllt-live.pages.dev — SUSPICIOUS

> adv-ledgr-wllt-live.pages.dev is a malicious Google Pages domain hosting a fake wallet phishing kit. Resolves to IP 188.114.97.

## Summary
A deceptive Google Pages domain, adv-ledgr-wllt-live.pages.dev, has been identified actively distributing a sophisticated fake wallet phishing campaign. Impersonating a legitimate wallet service, this malicious site lures users into entering their private keys or seed phrases under the guise of account verification or balance checks. The threat actor leverages Cloudflare's infrastructure and a Google-issued SSL certificate to enhance credibility, tricking victims into surrendering sensitive cryptocurrency access credentials. This domain is not associated with any valid wallet service and should be treated as a high-fidelity phishing lure targeting digital asset holders.  This domain was flagged by only 2 out of 95 VirusTotal security vendors, indicating a low initial detection rate despite its active malicious intent. Hosted on IP 188.114.97.3, it is served via Cloudflare, Inc., a common tactic used by threat actors to obfuscate origin and evade takedowns. The domain is part of a Google Pages (*.pages.dev) subdomain, which may exploit user trust in Google-hosted content. The minimal vendor detection highlights the stealthy nature of this operation and the need for heightened user vigilance when interacting with wallet-related web pages.  Users who have visited adv-ledgr-wllt-live.pages.dev should immediately assume their cryptocurrency credentials may have been compromised. Avoid entering any private keys, seed phrases, or wallet passwords on this domain or any linked pages. Change passwords and enable two-factor authentication on all crypto wallets. If wallet funds are at risk, consider transferring remaining assets to a new, segregated wallet with a unique recovery phrase. Report the domain to your security team or relevant threat intelligence platform using the indicators provided. Additionally, monitor connected wallets for unauthorized transactions and consider revoking any permissions granted to third-party services linked during this exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a1ae18be-6eb0-4ced-b031-800c46588209
- PhishDestroy: https://phishdestroy.io/domain/adv-ledgr-wllt-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/adv-ledgr-wllt-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/adv-ledgr-wllt-live.pages.dev/
Last updated: 2026-03-24