# ledger-wallet--io.pages.dev — MALICIOUS

> Discover why ledger-wallet--io.pages.dev is a high-risk phishing domain impersonating Ledger. Learn how to stay safe from this offline scam site.

## Summary
PhishDestroy identifies ledger-wallet--io.pages.dev as a high-risk phishing domain impersonating the Ledger brand to deceive users. This site poses a significant threat by attempting to trick individuals into divulging sensitive information under the guise of a legitimate Ledger wallet service. It was flagged on multiple security blocklists and Google Safe Browsing for social engineering, which highlights its malicious intent.

This phishing operation works by mimicking Ledger’s official web presence, using a similar domain name and branding to create a false sense of trust. Visitors may be prompted to enter private keys or login credentials, which can then be harvested by attackers for fraudulent purposes. The domain was registered recently through Cloudflare, Inc., and was taken offline after detection, but the risk remains for those who encounter such deceptive URLs.

If you have visited ledger-wallet--io.pages.dev, it is crucial to immediately discontinue any interaction with the site and avoid sharing personal or financial information. Users should run thorough antivirus scans, change any compromised credentials, and enable two-factor authentication on their Ledger accounts and related services. Staying vigilant against brand impersonation attempts like this is essential to protect your digital assets.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.77
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["malcolm.ns.cloudflare.com", "hera.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "Ermes", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c94c2-a609-742d-a8e4-b06d69a2fe7b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/580f0b56-26f5-4162-b656-0ee9f77149eb
- PhishDestroy: https://phishdestroy.io/domain/ledger-wallet--io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-wallet--io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-wallet--io.pages.dev/
Last updated: 2026-03-19