# ledger-live-wallet-pd-us.pages.dev — MALICIOUS

> ledger-live-wallet-pd-us.pages.dev is a high-risk crypto drainer domain. Avoid interaction and ensure wallet security immediately.

## Summary
PhishDestroy identifies ledger-live-wallet-pd-us.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency assets from victims. The domain impersonates legitimate Ledger wallet services to deceive users into revealing sensitive information such as private keys or seed phrases. Classified under crypto fraud, this threat targets cryptocurrency holders by exploiting trust in popular wallet brands.

Technical analysis reveals the domain was registered on February 21, 2026, through Cloudflare, Inc., a common provider used by threat actors to mask origin and hosting details. VirusTotal flagged it by 14 security vendors, and it appears on two major security blocklists, indicating recognition by the wider cybersecurity community. The domain’s infrastructure leverages Cloudflare’s Pages platform (pages.dev), allowing rapid deployment of phishing content without traditional hosting footprints.

As of now, the domain has been taken offline, reducing immediate risk to users. PhishDestroy recommends continued vigilance for similar phishing domains and advises cryptocurrency users to verify official wallet URLs directly. Users who interacted with the domain should check their wallet security and consider migrating assets if compromise is suspected.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.57
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["greg.ns.cloudflare.com", "shaz.ns.cloudflare.com"]
- SSL Issuer: SSL Corporation / Cloudflare TLS Issuing ECC CA 3

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b10fc-628c-72de-a485-92d8f0f430a4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1dfef525-fb88-46bf-afae-6d0bfdcdc5bb
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-wallet-pd-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-wallet-pd-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-wallet-pd-us.pages.dev/
Last updated: 2026-03-19