# ledgerwallets-cpb.pages.dev — SUSPICIOUS > ledgerwallets-cpb.pages.dev mimics Ledger to deploy a crypto drainer, with VirusTotal detecting 0/95 engines. Avoid this fraudulent site immediately. ## Summary PhishDestroy identifies ledgerwallets-cpb.pages.dev as a live cryptocurrency drainer site impersonating the brand Ledger. The page is hosted on Cloudflare Pages and drops a JavaScript wallet-draining payload that siphons balances from connected crypto wallets without user consent. The domain’s age correlates with a recent uptick in brand-abuse campaigns targeting Ledger users via fake wallet downloads and spoofed support portals. This domain was flagged with the following technical indicators: VirusTotal score 0/95 detections (Google Safe Browsing not yet triggered), registered through Cloudflare, Inc., resolving to IP 172.66.44.150, and secured by a Google Trust Services SSL certificate. The domain is less than 30 days old and has been submitted for takedown via Cloudflare’s abuse portal and Ledger’s brand-protection task force. Currently, public blocklists remain empty, providing zero browser or DNS-layer coverage. As of today, ledgerwallets-cpb.pages.dev remains accessible and active, indicating a high operational tempo by the threat actor. Users are advised to block 172.66.44.150 at the firewall, revoke any wallet-connect permissions granted to this domain, and rely only on the official Ledger domains ledger.com and shop.ledger.com. Alert your hardware-wallet users to avoid seeding or seed-phrase entry on this impostor site. Risk is classified as HIGH until Cloudflare completes takedown and VT detections climb above zero. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.150 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3dd7a388-0a4e-4f1c-8b82-80bc13958045 - PhishDestroy: https://phishdestroy.io/domain/ledgerwallets-cpb.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledgerwallets-cpb.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledgerwallets-cpb.pages.dev/ Last updated: 2026-03-22