# ledgar-liue-wallet.pages.dev — MALICIOUS

> ledgar-liue-wallet.pages.dev flagged for Ledger brand impersonation phishing. 10 of 95 security vendors detected this threat. Check the full report.

## Summary
PhishDestroy identifies active impersonation of the Ledger hardware wallet brand via the domain ledgar-liue-wallet.pages.dev. This fraudulent site attempts to deceive users into surrendering cryptocurrency wallet credentials or private keys by mimicking Ledger’s official wallet interface. No drainer kit artifacts were retrieved during sandbox analysis, suggesting the payload is delivered via credential harvesting or fake transaction signing prompts. The page utilizes Cloudflare Pages hosting, a legitimate service that has been abused for rapid deployment and cloaking of phishing infrastructure. Users are advised to avoid interacting with this domain entirely.

This domain resolves to IP 172.66.44.189 and is registered through Cloudflare, Inc. VirusTotal reports a detection score of 10 out of 95 security vendors as of the latest scan. The domain holds a valid SSL certificate issued by Google Trust Services, potentially increasing user trust. No listing on Google Safe Browsing (GSB) or major blocklists was detected at the time of analysis, which may allow continued accessibility. The domain is hosted on Cloudflare Pages, a serverless platform often leveraged for short-lived phishing campaigns due to its free tier and rapid deployment capabilities.

As of the latest assessment, the campaign remains active and operational, with active DNS resolution and open HTTP service. Immediate actions include domain takedown requests to Cloudflare Trust & Safety and GSB flagging to reduce exposure. Users should block the domain at the network level and avoid visiting it. Remaining risk is elevated due to successful SSL certificate issuance, lack of GSB blocking, and the absence of a drainer signature—indicating potential evolution in tactics. Continuous monitoring is recommended to detect shifts in payload or infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.189

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b53687a9-13ef-4180-a2ed-d5ed0097a2d3
- PhishDestroy: https://phishdestroy.io/domain/ledgar-liue-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgar-liue-wallet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgar-liue-wallet.pages.dev/
Last updated: 2026-04-11