# auths-ledgrhardwear.pages.dev — MALICIOUS

> auths-ledgrhardwear.pages.dev is a crypto drainer scam flagged by 9/95 VirusTotal vendors. SSL issued by Google Trust Services. Avoid connecting wallets.

## Summary
PhishDestroy identifies auths-ledgrhardwear.pages.dev as an active crypto drainer impersonating a legitimate hardware wallet provider. The domain abuses Cloudflare Pages hosting to deliver a malicious drainer script that silently drains cryptocurrency wallets upon connection. The page mimics a fake login portal for a popular hardware wallet brand, leveraging typo-squatting in the subdomain path to deceive users searching for official wallet software.  

This domain was flagged by 9 out of 95 VirusTotal security vendors at the time of analysis, indicating widespread detection as malicious. The domain is registered through Cloudflare, Inc., resolving to IP address 172.66.47.82 and secured with a Google Trust Services SSL certificate. The seed identifier 891a23 confirms this threat record in PhishDestroy's database. The domain is currently active and unblocked by Google Safe Browsing, though it has been listed on multiple threat intelligence blocklists.  

Users should immediately block access to auths-ledgrhardwear.pages.dev and avoid any interaction with the page. Security teams are advised to update network blocklists and endpoint protection rules to include this domain and its associated IP. The elevated risk level and active status mean this domain remains a significant threat to cryptocurrency users. Remaining risk is moderate due to active hosting and SSL certificate, which may bypass some browser-based security warnings.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.82

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a8ecc21-4eb7-4e0e-9424-3d4d014775c8
- PhishDestroy: https://phishdestroy.io/domain/auths-ledgrhardwear.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auths-ledgrhardwear.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auths-ledgrhardwear.pages.dev/
Last updated: 2026-03-24