# ledgerlivewallettt.pages.dev — MALICIOUS

> Discover why ledgerlivewallettt.pages.dev is flagged for Ledger brand impersonation. Learn about its phishing risk and current offline status here.

## Summary
PhishDestroy has identified ledgerlivewallettt.pages.dev as a malicious domain engaged in brand impersonation targeting Ledger, a well-known cryptocurrency hardware wallet provider. The domain was specifically designed to mimic Ledger’s web presence, aiming to deceive users and potentially steal sensitive information.

This domain was registered on February 21, 2026, through Cloudflare, Inc., and resolved to the IP 104.21.96.1. It appeared in one security blocklist and was flagged by 15 out of 95 VirusTotal security vendors. The page title identified was "Suspected phishing site | Cloudflare," highlighting its nefarious purpose. Such technical indicators point to a phishing infrastructure exploiting Cloudflare’s services to host counterfeit Ledger content.

As of now, ledgerlivewallettt.pages.dev has been taken offline, mitigating immediate threat to users. However, given its high-risk classification and association with cryptocurrency theft tactics, monitoring remains critical. PhishDestroy encourages vigilance and warns users to avoid interacting with this and similarly deceptive domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.21.96.1
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["maya.ns.cloudflare.com", "terry.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01994695-743f-755a-9968-1fc38b7ce03d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e7315fa6-52ba-4453-af88-25f7ef4030a7
- PhishDestroy: https://phishdestroy.io/domain/ledgerlivewallettt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgerlivewallettt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerlivewallettt.pages.dev/
Last updated: 2026-03-19