# ledger-live-waleet-x-cdn.pages.dev — SUSPICIOUS

> Danger: ledger-live-waleet-x-cdn.pages.dev impersonates Ledger to steal crypto via a drainer. Verify on PhishDestroy before clicking. VT 0/95 detections.

## Summary

PhishDestroy identifies ledger-live-waleet-x-cdn.pages.dev as an active brand-impersonation domain targeting Ledger users with a crypto drainer payload. The domain is currently listed as under_investigation with a risk level of medium, reflecting the potential for immediate financial harm to cryptocurrency holders who interact with the fraudulent site.

Technical indicators show the domain was registered through Cloudflare, Inc. and resolves to IP 172.66.47.197. VirusTotal currently shows 0 detections out of 95 engines, indicating low antivirus coverage despite clear malicious intent. The SSL certificate is issued by Google Trust Services, which may lend superficial legitimacy to the page but does not validate its authenticity as a Ledger service endpoint.

This domain was flagged due to its use of a brand impersonation attack designed to trick users into connecting their crypto wallets and approving malicious transactions. The page uses a Cloudflare Pages deployment (pages.dev subdomain) to host a fake Ledger Live interface, leveraging the legitimate CDN service to evade basic domain-based blocking. The associated IP address (172.66.47.197) is part of Cloudflare’s edge network, which is commonly abused by threat actors to host phishing and drainer kits.

With zero VirusTotal detections, the domain has not been widely blacklisted, increasing the risk of exposure to users searching for official Ledger services. The absence of detection suggests either a newly deployed campaign or the use of evasion techniques not yet recognized by signature-based defenses.

Users targeted by this domain should immediately disconnect their wallet and revoke any unintended transaction approvals via their wallet interface.
Ledger users are advised to access services only through the official ledger.com domain and verify any download links directly from the company’s verified social media or support channels. Enable phishing protection features in your wallet app and consider using hardware wallet transaction confirmation screens to prevent unauthorized transfers. If you have visited this domain, check your wallet’s transaction history and revoke any suspicious approvals using tools like revoke.cash. Report the domain to PhishDestroy and your antivirus vendor to improve detection coverage and protect others from this drainer campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.197

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fe70e281-10aa-4289-996a-b2f6f5e0f253
- PhishDestroy: https://phishdestroy.io/domain/ledger-live-waleet-x-cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-live-waleet-x-cdn.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-live-waleet-x-cdn.pages.dev/

Last updated: 2026-03-22