# ldgres-live.pages.dev — SUSPICIOUS

> ldgres-live.pages.dev is a crypto drainer impersonating Ledger Live. Verify immediately on PhishDestroy to avoid fund loss. VT score: 0/95.

## Summary
PhishDestroy identifies ldgres-live.pages.dev as an active crypto drainer domain posing under the guise of Ledger Live. The domain leverages a spoofed interface to trick users into connecting cryptocurrency wallets and signing malicious transactions that drain funds. This campaign is likely part of a broader phishing-as-a-service operation, utilizing automated drainer scripts typically embedded in fake login or wallet connection portals. The infrastructure is designed to harvest private keys, seed phrases, or transaction approvals, enabling immediate fund siphoning upon user interaction.

Technical indicators for ldgres-live.pages.dev are as follows: VirusTotal detection score is 0/95, indicating no antivirus or security vendor has flagged the domain as malicious at the time of investigation. The domain resolves to IP address 172.66.45.10 and is registered through Cloudflare, Inc. It utilizes a Google Trust Services SSL certificate, which may lend false legitimacy to users. The domain was created recently and remains unlisted on Google Safe Browsing (GSB) and most public blocklists as of now. These factors suggest a newly deployed, stealthy campaign designed to evade early detection mechanisms.

The domain is currently flagged as active and under investigation by PhishDestroy with a risk level marked as 'under_investigation.' No official takedown or blocklisting actions have been reported yet despite zero VirusTotal detections. Users are strongly advised to avoid interacting with ldgres-live.pages.dev or any subdomains associated with it. Immediate verification on PhishDestroy is recommended for suspected exposure. The remaining risk is high due to the drainer’s operational status and lack of third-party detection, posing a direct threat to cryptocurrency users who may unknowingly connect their wallets. Proactive monitoring and user education remain critical to mitigating potential fund losses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.10

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9e6c393e-c587-4906-9c59-78a0ccad2ddc
- PhishDestroy: https://phishdestroy.io/domain/ldgres-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldgres-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ldgres-live.pages.dev/
Last updated: 2026-03-24