# support-ldgr-wallet.pages.dev — MALICIOUS > support-ldgr-wallet.pages.dev is a crypto drainer posing as Ledger Wallet support. Google Safe Browsing flags it for social engineering. ## Summary PhishDestroy identifies support-ldgr-wallet.pages.dev as an active crypto drainer site falsely impersonating Ledger Wallet support infrastructure. The domain leverages Cloudflare Pages hosting to deliver a sophisticated drainer kit designed to siphon cryptocurrency assets from unsuspecting users under the guise of technical assistance. Security researchers have linked this campaign to seed identifier b7e584, indicating a broader malicious operation targeting Ledger users through social engineering tactics. This domain exhibits multiple malicious indicators including a VirusTotal detection rate of 13 out of 95 security vendors, indicating significant but not universal recognition of its harmful nature. Registered through Cloudflare, Inc., it resolves to IP address 172.66.44.78 and operates under a Google Trust Services SSL certificate to appear legitimate. Google Safe Browsing classifies the domain under SOCIAL_ENGINEERING threats, confirming its use in deception-based attacks. The combination of Cloudflare hosting, legitimate SSL infrastructure, and targeted impersonation suggests an advanced threat actor employing professional hosting and security measures to evade detection while maintaining plausible deniability. As of current analysis, support-ldgr-wallet.pages.dev remains active and operational, presenting an ongoing risk to cryptocurrency users. Immediate action is recommended to block access to this domain at network and endpoint levels. Security teams should update blocklists with the IP address 172.66.44.78 and domain hash seed b7e584. Users are advised to verify support channels directly through Ledger's official website and never engage with unsolicited technical support offers. While the domain shows signs of active takedown resistance, the combination of Google Safe Browsing classification and moderate VirusTotal coverage provides sufficient grounds for effective mitigation. Remaining risk persists primarily through continued availability and potential domain variations, requiring sustained monitoring and proactive threat intelligence sharing. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.78 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0d6daf10-ef2d-4c24-970b-fb6cd08f1b71 - PhishDestroy: https://phishdestroy.io/domain/support-ldgr-wallet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/support-ldgr-wallet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/support-ldgr-wallet.pages.dev/ Last updated: 2026-03-22