homepage-online.ghost.io

https://homepage-online.ghost.io/en-live/

146.75.35.7 · Fastly, Inc

Location

Ashburn, United States

Domain Age

—

HTTP

200 · 15.8s

SSL

Valid· R12, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Ledger Live®® Desktop — Getting Started | Official Ledger Wallet"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Ledger Live / Ledger

Vendors

25/26

Status

partial

✓ apwg✓ cisa✓ spamhaus✓ emsisoft✓ apple✓ openphish✓ netcraft✓ urlquery✓ urlscan✓ phishreport✓ sophos✓ virustotal✓ phishtank✓ microsoft✓ bitdefender✓ yandex✓ avg✓ norton✓ urlabuse✓ eset✓ avast✓ brightcloud✓ mcafee✓ threatyeti✓ fortiguard

Registered-domain escalation

Submit ghost.io as the primary IOC, enriched with evidence from hostile subdomains like homepage-online.ghost.io.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Ledger Live / Ledger (Ledger official branding present in page title and content) but hosted on ghost.io domain impersonation

Unknown

Cryptocurrency | technology | finance · 4/5/2026

Summary

This page at homepage-online.ghost.io/en-live/ presents Ledger Live branding and Official Ledger Wallet content, but the domain is not ledger.com. The page title and metadata impersonate Ledger Live and also reference Microsoft Live in signals, indicating brand impersonation. The site loads Ledger-like content and assets through a Ghost.infra front-end, aiming to harvest credentials or user data via a faux Ledger Live page.

Attack Techniques (1)

SSL certificate issued recently from Let's Encrypt on a brand-impersonating domain

Indicators of Compromise (1)

▸PAGE TITLE contains Ledger Live and Official Ledger Wallet (brand impersonation)

Risk AssessmentUsed in abuse reports

The site is clearly attempting to impersonate Ledger Live branding on a non-official domain. The page title explicitly references Ledger Live and Official Ledger Wallet, while the canonical and content originate from ghost.io infrastructure, a significantly different domain from Ledger. The presence of a recent Let's Encrypt certificate and multiple external script assets loading SPA components suggests a crafted phishing surface designed to harvest credentials or sensitive information. Immediate suspension of the domain and blocking of hosting or DNS propagation is warranted; this site demonstrates deliberate brand impersonation and credential harvesting risk.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence