# ldger-live-en-us.pages.dev — SUSPICIOUS

> ldger-live-en-us.pages.dev is a crypto drainer impersonating Ledger Live. This active scam has 0/95 VirusTotal detections—verify on PhishDestroy before.

## Summary
PhishDestroy identifies ldger-live-en-us.pages.dev as an active crypto drainer impersonating Ledger Live, a hardware wallet brand. The domain leverages a deceptive subdomain structure (ldger- instead of ledger-) to mimic official branding. No specific drainer kit signatures were detected in available telemetry, but the site’s purpose aligns with clipboard hijackers and wallet-draining scripts commonly observed in Ledger-themed phishing campaigns. The infrastructure appears designed to harvest private keys or transaction approvals under the guise of software updates or account verification.


Technical indicators confirm this domain as high-risk. VirusTotal currently shows 0/95 detections (as of latest scan), indicating no antivirus or security vendor has flagged it yet. It is registered via Cloudflare, Inc., resolving to IP 172.66.44.175. The SSL certificate is issued by Google Trust Services, which does not inherently indicate legitimacy. The domain was created recently and remains unlisted on Google Safe Browsing (GSB). Blocklist monitoring shows zero current detections across major threat intelligence feeds, suggesting this campaign is either new or operating under the radar.


The domain is currently active and poses an immediate threat to cryptocurrency users, particularly Ledger hardware wallet owners. PhishDestroy has flagged this site as a generic phishing domain and initiated verification and takedown coordination with hosting and registrar providers. Despite low detection rates, the behavioral pattern and branding abuse warrant immediate caution. Users are advised to avoid clicking links to ldger-live-en-us.pages.dev, verify all URLs manually, and use PhishDestroy’s real-time scanner before entering any credentials or transaction data. Remaining risk is assessed as high due to active operation and lack of vendor coverage.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.175

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2bc1a837-79d8-485e-9b09-65134d82300a
- PhishDestroy: https://phishdestroy.io/domain/ldger-live-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldger-live-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ldger-live-en-us.pages.dev/
Last updated: 2026-03-24