# official-ledger-live-wallet.pages.dev — MALICIOUS

> official-ledger-live-wallet.pages.dev mimics Ledger's brand to steal credentials, with 12 of 95 VirusTotal vendors flagging it.

## Summary

official-ledger-live-wallet.pages.dev is an active domain engaged in brand impersonation targeting Ledger cryptocurrency wallet users. PhishDestroy identifies this domain as a sophisticated Ledger impersonation site designed to deceive users into entering sensitive credentials. Current telemetry confirms the threat remains active as of the latest analysis.

VirusTotal scanning engines have flagged this domain with a detection rate of 12 out of 95 security vendors, indicating moderate but concerning recognition across industry standards. The domain was registered through Cloudflare, Inc. and resolves to IP address 172.66.47.85, which hosts the malicious infrastructure. The Google Trust Services SSL certificate suggests an attempt to establish false legitimacy, despite the impersonation nature of the content.

Technical analysis reveals this domain employs exact-match brand spoofing, replicating Ledger's official naming conventions to maximize victim engagement. The 12/95 VirusTotal detection ratio suggests limited but existing recognition within security communities, while the Cloudflare registration obscures ownership details. The associated IP address 172.66.47.85 has been correlated with multiple cryptocurrency wallet scams, indicating this infrastructure's repeat usage for fraudulent purposes. The threat level remains elevated due to the combination of brand exploitation and active SSL certification.

Immediate action is required from users and organizations. Block both the domain official-ledger-live-wallet.pages.dev and its resolved IP address 172.66.47.85 at network and endpoint levels. Users should verify Ledger downloads exclusively through the official ledger.com domain and never through third-party domains.

Security teams should deploy DNS sinkholing for this domain and investigate any network connections to the associated IP address. Additionally, consider reporting this domain to Cloudflare's abuse channels and Ledger's official phishing reporting systems to expedite takedown procedures. Enhanced monitoring for credential phishing attempts related to cryptocurrency wallets is strongly recommended during this active campaign.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.85

## Detection Status

- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e9150218-d44f-4f27-8376-dd6ec6bcea50
- PhishDestroy: https://phishdestroy.io/domain/official-ledger-live-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/official-ledger-live-wallet.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/official-ledger-live-wallet.pages.dev/

Last updated: 2026-03-22