# connect-ldgeir-wallet.pages.dev — SUSPICIOUS > connect-ldgeir-wallet.pages.dev is a live crypto drainer phishing page hosted on Cloudflare. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies an active crypto drainer campaign targeting cryptocurrency users through the domain connect-ldgeir-wallet.pages.dev. This site is a fraudulent web page designed to trick victims into connecting their cryptocurrency wallets under the false pretense of wallet integration, asset management, or transaction verification. Once a user authorizes a wallet connection, the page attempts to siphon funds directly from the connected wallet by exploiting smart contract permissions or transaction signing prompts. The domain leverages a legitimate Google Trust Services SSL certificate to appear trustworthy, while Cloudflare’s infrastructure obscures its real origin. VirusTotal currently shows zero detections out of 95 security engines, indicating this threat remains largely undetected by automated tools. This domain was flagged by Google Safe Browsing with the label SOCIAL_ENGINEERING, confirming malicious intent through deception. It resolves to IP address 172.66.44.91 and is registered through Cloudflare, Inc., a common tactic among threat actors to rapidly deploy and rotate malicious infrastructure. The use of a .pages.dev subdomain under Google’s Pages platform suggests an attempt to exploit free hosting services to evade traditional domain-based blocking mechanisms. The domain’s structure—connect-ldgeir-wallet—mimics legitimate wallet services, likely distributed via phishing emails, social media, or impersonation of support channels. If you visited connect-ldgeir-wallet.pages.dev or connected your crypto wallet, immediately revoke all permissions granted to this domain through your wallet’s settings or a dedicated revocation tool such as revoke.cash. Do not interact with any further prompts from this site. Transfer all remaining assets to a secure wallet if you suspect compromise. Report the domain to your wallet provider, Google Safe Browsing, and relevant cybersecurity authorities. Monitor your wallet and transaction history for unauthorized activity. Always verify URLs manually before interacting and use hardware wallets for high-value assets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.91 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/connect-ldgeir-wallet.pages.dev - PhishDestroy: https://phishdestroy.io/domain/connect-ldgeir-wallet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/connect-ldgeir-wallet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connect-ldgeir-wallet.pages.dev/ Last updated: 2026-04-09