# ledger--wallet--eu.pages.dev — MALICIOUS

> ledger--wallet--eu.pages.dev impersonates Ledger with a crypto drainer kit. VirusTotal flags 6/95 vendors. Avoid this site now.

## Summary
PhishDestroy identifies ledger--wallet--eu.pages.dev as an active brand impersonation domain targeting Ledger users. This fraudulent site uses a crypto drainer kit to trick victims into connecting their wallets and stealing cryptocurrency assets. The domain mimics Ledger’s branding to deceive users into entering recovery phrases or granting wallet permissions, with the drainer kit automating fund transfers to attacker-controlled addresses. This is not a generic phishing page but a sophisticated crypto theft operation designed to empty wallets within seconds of wallet connection.  This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal detection score of 6/95 security vendors, registered through Cloudflare, Inc., resolving to IP 188.114.96.3, using a Google Trust Services SSL certificate, and currently unlisted on Google Safe Browsing. The domain was created recently and has not yet accumulated significant blocklist entries, indicating an emerging threat with high potential for further abuse.  The domain remains active as of the latest scan, with elevated risk to cryptocurrency users. Immediate action is recommended: block the domain at network and endpoint levels, warn Ledger users to verify all links against official sources, and implement wallet connection monitoring to detect unauthorized transactions. While current detection coverage is partial, the absence from major blocklists suggests this threat may escalate rapidly. Users should treat any page referencing 'ledger--wallet--eu.pages.dev' as malicious and avoid interaction entirely.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c77b33c2-8322-405f-adbc-621be4c7afdf
- PhishDestroy: https://phishdestroy.io/domain/ledger--wallet--eu.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger--wallet--eu.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger--wallet--eu.pages.dev/
Last updated: 2026-03-26