# en-ledgrwalet.pages.dev — SUSPICIOUS

> en-ledgrwalet.pages.dev masquerades as Ledger to steal crypto wallet data. This Cloudflare-hosted imposter uses a Google Trust Services SSL cert at 172.66.44.

## Summary

PhishDestroy identifies en-ledgrwalet.pages.dev as a live brand-impersonation node targeting Ledger cryptocurrency wallet users. The domain is currently under investigation (Risk Level: under_investigation) and exhibits all hallmarks of a credential-harvesting trap designed to trick visitors into surrendering recovery phrases or private keys.

This domain was flagged by PhishDestroy’s pipeline on seed f4a7f1. VirusTotal shows 0 detections out of 95 engines at time of scan, indicating it has slipped past most signature-based filters. It is registered anonymously through Cloudflare, Inc. and resolves to IP address 172.66.44.163. The site secures connections with a Google Trust Services certificate, lending it a veneer of legitimacy. As of the latest telemetry, it remains absent from major public blocklists, which increases the risk of accidental exposure for search-engine-reliant users.

Mitigation begins with immediate network-level blocking of the domain and its resolving IP. Users who may have visited the site should assume their Ledger seed phrases or private keys were compromised; transfer remaining assets to a newly initialized wallet on verified hardware and revoke any app permissions granted via the imposter site. Report the domain to Ledger’s official phishing inbox and flag it on your DNS resolver to protect others. Remain vigilant for typosquat variants leveraging similar character substitutions, and always navigate to wallet interfaces via bookmarks or typed URLs rather than search results.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.163

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a8328620-53a7-4262-acb1-15f7da8d7a91
- PhishDestroy: https://phishdestroy.io/domain/en-ledgrwalet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-ledgrwalet.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-ledgrwalet.pages.dev/

Last updated: 2026-03-30