# wallet-ledger-live-io.pages.dev — MALICIOUS

> wallet-ledger-live-io.pages.dev impersonates Ledger's official wallet with a 15/95 VirusTotal detection rate.

## Summary

wallet-ledger-live-io.pages.dev has been identified as an active brand impersonation scam targeting Ledger cryptocurrency wallet users. The domain mimics the legitimate Ledger Live wallet interface to deceive visitors into entering sensitive credentials or downloading malicious software. Threat actors behind this operation are leveraging Cloudflare's Pages service to host a convincing replica of Ledger's official platform, with the goal of harvesting private keys, seed phrases, or other authentication details. This domain represents an elevated risk due to its active status and the potential for financial loss or account compromise.

This domain was flagged by 15 out of 95 security vendors on VirusTotal, indicating partial detection but not universal recognition of its malicious nature. The domain resolves to IP address 172.66.47.133, which is associated with Cloudflare's infrastructure, and is registered through Cloudflare, Inc. While the SSL certificate is issued by Google Trust Services, this alone does not guarantee legitimacy, as threat actors frequently exploit legitimate certificate authorities to lend false credibility to their operations. The use of Cloudflare Pages further complicates mitigation efforts, as the service allows rapid deployment and takedown of domains, making proactive blocking challenging for security teams.

Users who have visited this domain should immediately cease any interaction with it and verify their Ledger wallet access through the official website (ledger.com). If credentials or seed phrases were entered, assume compromise and transfer all assets to a new wallet using the official Ledger Live application. Enable two-factor authentication on any associated accounts and monitor for unauthorized transactions. Organizations should block this domain at the network level and update blocklists to prevent further exposure. Report this domain to Ledger's fraud team and your organization's security operations center to aid in tracking and mitigation efforts.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.133

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b6cfe83d-c36f-418b-8468-83dcd36551f0
- PhishDestroy: https://phishdestroy.io/domain/wallet-ledger-live-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wallet-ledger-live-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/wallet-ledger-live-io.pages.dev/

Last updated: 2026-03-22