Fake Ledger Website

[bitcoinermatt]

Beware! There is fake Ledger site which is very old but is still making victims. The URL is: http://ledgerlive.io/ Be very careful when accessing the site. The site seems to be hosted in Quebec, Canada.

[AB de Royse777]

Warning: Please ignore this post.
This was made without doing much research. Here is the new follow-up post: https://bitcointalk.org/index.php?topic=5298828.msg55796537#msg55796537

Beware! There is fake Ledger site which is very old but is still making victims. The URL is: http://ledgerlive.io/ Be very careful when accessing the site. The site seems to be hosted in Quebec, Canada.

I would not call it fake or phishing. Someone has the domain, and they just forwarded the domain to the original site. This could be an affiliate if I am not too wrong.

Check all the links it takes from the domain.

Code:

https://shop.ledger.com/products/ledger-nano-s

[dkbit98]

No, that is not real Ledger website, but phishing website made by scammers and using puny codes and Mailjet service for spamming people.
In email they say it is ledgerlive.io domain, but download link is directing to website links shown below:

Code:

https://ledģėr.com
https://xn--ledr-xva5e.com/ledger-live/download/

That means that they hold both domains and many more.
ledgerlive.io is also not secure https domain and it is registered in Kiev, Ukraine and other puny code domain is hosted in Russia with IP 109.234.36.198 by vdsina.ru.

Domain name: ledgerlive.io
Registry Domain ID: D503300001183930984-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2020-04-25T19:35:23.00Z
Registrar Registration Expiration Date: 2021-04-25T19:35:23.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrant City: Redacted for Privacy Purposes
Registrant State/Province: Kiev
Registrant Postal Code: Redacted for Privacy Purposes
Registrant Country: UA

PING xn--ledr-xva5e.com (109.234.36.198) 56(84) bytes of data.
64 bytes from v389465.hosted-by-vdsina.ru (109.234.36.198): icmp_seq=1 ttl=26 time=88.2 ms
64 bytes from v389465.hosted-by-vdsina.ru (109.234.36.198): icmp_seq=2 ttl=26 time=88.4 ms
64 bytes from v389465.hosted-by-vdsina.ru (109.234.36.198): icmp_seq=3 ttl=26 time=88.1 ms
64 bytes from v389465.hosted-by-vdsina.ru (109.234.36.198): icmp_seq=4 ttl=26 time=88.1 ms
64 bytes from v389465.hosted-by-vdsina.ru (109.234.36.198): icmp_seq=5 ttl=26 time=88.0 ms

[AB de Royse777]

Interesting. This seems very cleaver way to phish the cryptocurrency users. After reading dkbit98's post I went going to check possibly every URL they have. First I considered their motive to have such website and where exactly they can fish.

It's the download page!
Let the users to download a fake ledger live and once they connect the device, take the information and process it. Cleave.

Original ledge live download page:

Download link:
https://www.ledger.com/ledger-live/download

Fake ledger live download page:

Download link:

Code:

http://ledgerlive.io/download.php

I would not trust this the file that will be downloaded from this link. It surely is fishy or why other links has original ledger.com URL but only the download link has a different url that is not from ledge.

[bL4nkcode]

Code:

https://ledģėr.com
https://xn--ledr-xva5e.com/ledger-live/download/

This is the same domain name with the download link in the email I received today, and this is the first time I received an email with the email address I used to purchase in ledger years ago.

The email used was

Code:

support@legderlive.io

Here's the domain on the download link in the email same as quoted above