# ledger-wallet-auth.pages.dev — MALICIOUS > PhishDestroy identifies ledger-wallet-auth.pages.dev as a Ledger brand impersonation site with crypto drainer capabilities. ## Summary PhishDestroy has identified a fraudulent website, ledger-wallet-auth.pages.dev, actively impersonating the Ledger cryptocurrency wallet brand. This domain is designed to deceive users into believing they are interacting with an official Ledger service, potentially leading to credential theft or cryptocurrency drainer attacks. The site leverages a legitimate SSL certificate issued by Google Trust Services and resolves to IP address 172.66.46.225, hosted through Cloudflare, Inc. This domain was flagged by 5 out of 95 security vendors on VirusTotal, indicating elevated risk. The impersonation is part of a growing trend where threat actors abuse cloud-based platforms like Cloudflare Pages to host fraudulent authentication portals. Users searching for Ledger wallet services may inadvertently land on this page, which closely mimics the appearance of official Ledger communications, including the use of subdomains like 'wallet-auth' to appear legitimate. If you have visited ledger-wallet-auth.pages.dev, cease all interaction immediately. Do not enter any credentials, wallet recovery phrases, or cryptocurrency-related information. Check your browser history to ensure no saved passwords or auto-filled data were submitted. Run a reputable antivirus scan and monitor your cryptocurrency wallets for unauthorized transactions. Report this domain to Ledger’s official support channels and consider using a dedicated password manager to avoid similar risks in the future. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.225 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a044aac4-e926-4b94-9b7f-3b62b72f3cfe - PhishDestroy: https://phishdestroy.io/domain/ledger-wallet-auth.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledger-wallet-auth.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-wallet-auth.pages.dev/ Last updated: 2026-03-22