# ledger-wallet-live.pages.dev — MALICIOUS

> ledger-wallet-live.pages.dev mimics Ledger to steal credentials. Learn how this phishing site works and what to do if you encountered it.

## Summary
PhishDestroy identifies ledger-wallet-live.pages.dev as a high-risk phishing domain impersonating the Ledger brand. This site attempts to trick users into believing it is an official Ledger wallet page, putting their sensitive information and crypto assets at risk. Users must be cautious as such scams can lead to theft of funds and identity compromise.

The phishing technique involves creating a domain name and webpage closely resembling Ledger's legitimate site. When victims visit ledger-wallet-live.pages.dev, they may be prompted to enter private keys, recovery phrases, or login credentials. The attackers capture this data to gain unauthorized access to users' cryptocurrency wallets. The domain was flagged by multiple security vendors and appeared on blocklists before it was taken offline, indicating its malicious intent.

If you visited this site, immediately cease any interaction and do not input any personal or security information. Change your Ledger account credentials and enable two-factor authentication. Review your cryptocurrency accounts for any unauthorized transactions. Report the phishing attempt to Ledger and relevant authorities to help prevent further victims. Staying alert to suspicious URLs and verifying official sources is essential to stay safe online.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kolton.ns.cloudflare.com", "sneh.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "ArcSight Threat Intelligence", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bc6ec-c453-75ab-94c2-4448f6449f51.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a8d08ee8-1697-41e3-9f96-12b8087d1090
- PhishDestroy: https://phishdestroy.io/domain/ledger-wallet-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-wallet-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-wallet-live.pages.dev/
Last updated: 2026-03-19