# ladger-wallet-support.pages.dev — MALICIOUS > PhishDestroy identifies ladger-wallet-support.pages.dev as a Ledger brand impersonation phishing site hosting a drainer kit. Check the full report. ## Summary PhishDestroy identifies the active domain ladger-wallet-support.pages.dev as a confirmed brand impersonation scam falsely claiming association with Ledger, a leading hardware wallet manufacturer. Analysis confirms the presence of a cryptocurrency drainer kit designed to steal user funds under the guise of providing Ledger wallet support. The campaign leverages social engineering tactics, impersonating official support channels to trick victims into connecting their wallets or entering sensitive recovery phrases. This domain is part of a broader campaign targeting cryptocurrency users through lookalike support portals, with indicators suggesting automated deployment and hosting via Cloudflare Pages to evade detection. This domain resolves to IP address 172.66.44.211 and was registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate to enhance credibility. VirusTotal analysis flags the domain with an 11/95 detection ratio, indicating moderate but significant malicious activity. The domain was created recently and remains unlisted on Google Safe Browsing (GSB) as of the latest scan. Additional telemetry sources report minimal blocklist coverage, suggesting the campaign is still in its operational lifecycle with potential for escalation. The attacker’s choice of Cloudflare Pages for hosting provides resilience against takedowns while facilitating rapid infrastructure turnover. As of this assessment, ladger-wallet-support.pages.dev remains active and continues to serve the drainer payload to unsuspecting victims. PhishDestroy has flagged this domain for immediate takedown and notified relevant stakeholders including Ledger’s abuse team and hosting providers. Despite these actions, the domain’s use of Cloudflare’s infrastructure complicates rapid mitigation, leaving users exposed to continued risk. Security teams are advised to monitor for related domains, block the IP (172.66.44.211), and issue user advisories regarding fraudulent Ledger support portals. The elevated risk level warrants heightened vigilance, particularly among cryptocurrency users interacting with support channels. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.211 ## Detection Status - VirusTotal: 11 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/726ae719-cf07-48e3-a11a-4c2ece4d699c - PhishDestroy: https://phishdestroy.io/domain/ladger-wallet-support.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ladger-wallet-support.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ladger-wallet-support.pages.dev/ Last updated: 2026-03-31