# wallet-ledegrliv-us.pages.dev — MALICIOUS > Beware: wallet-ledegrliv-us.pages.dev is a crypto drainer impersonating Ledger wallets. 9/95 vendors flagged this fraudulent page—verify on PhishDestroy before. ## Summary PhishDestroy identifies wallet-ledegrliv-us.pages.dev as an active crypto drainer targeting cryptocurrency users. This malicious domain masquerades as a legitimate Ledger wallet interface to trick victims into connecting their wallets and authorizing unauthorized transactions. The threat actor employs a drainer kit designed to silently extract funds from connected wallets, leveraging social engineering tactics to deceive users into entering credentials or approving malicious transactions. This domain exhibits multiple concerning technical indicators. VirusTotal flags confirm detection by 9 out of 95 security vendors, highlighting its malicious nature. Registered through Cloudflare, Inc., the domain resolves to IP 172.66.44.155 and operates under a Google Trust Services SSL certificate. While the exact creation date remains unverified, its active status and inclusion in multiple blocklists underscore its persistent threat. The combination of a trusted SSL certificate and Cloudflare hosting adds a veneer of legitimacy, increasing the risk of successful deception. As of the latest assessment, wallet-ledegrliv-us.pages.dev remains active and poses an elevated risk to unsuspecting users. Immediate action is required to block this domain at the network perimeter and update endpoint protection rules. PhishDestroy recommends users verify the authenticity of any wallet-related domains before interacting with them. Remaining risk stems from the domain's ability to rapidly change infrastructure or employ new variants, necessitating continuous monitoring and proactive threat hunting efforts. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.155 ## Detection Status - VirusTotal: 9 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8655c181-c834-472d-8ca4-391701f1e2f8 - PhishDestroy: https://phishdestroy.io/domain/wallet-ledegrliv-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/wallet-ledegrliv-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/wallet-ledegrliv-us.pages.dev/ Last updated: 2026-03-22