Phishing | These Ghost.io pages are impersonating Ledger / Ledger Live and may be used for phishing, fake wallet downloads, or redirect/cloaking campaigns targeting crypto users.

[abaev020-svg]

What are the subjects of the phishing (domains, URLs or IPs)?

• https://startledgersso.ghost.io/en-ldgrlive
• https://livepage.ghost.io/live-en

What are the impersonated domains?

• ledger.com
• www.ledger.com
• www.ledgerlive.com

Where or how did you discover this phishing?

I discovered this phishing campaign while investigating suspicious crypto-related pages hosted on Ghost.io subdomains.

The pages impersonate Ledger / Ledger Live branding and appear to promote fake wallet access or Ledger Live setup pages. These phishing pages may be used to steal recovery phrases, seed phrases, or wallet credentials from cryptocurrency users.

The URLs were identified through manual phishing investigation and threat hunting related to crypto wallet scams.тут что?

Do you have a screenshot?

Screenshot

Related external source

• https://www.virustotal.com/gui/domain/startledgersso.ghost.io
• https://www.virustotal.com/gui/domain/livepage.ghost.io

Additional Information or Context

These phishing pages are hosted on unrelated Ghost.io subdomains and impersonate Ledger / Ledger Live services.

The pages appear to be part of a crypto phishing campaign targeting wallet users and may attempt to steal recovery phrases, seed phrases, or wallet credentials.

The infrastructure should be reviewed for abuse, phishing activity, and possible cloaking/redirect behavior.