# ledgor-live-en.pages.dev — SUSPICIOUS

> Active crypto drainers on ledgor-live-en.pages.dev impersonate Ledger Live. 0/95 VirusTotal detections now. Verify on PhishDestroy before entering credentials.

## Summary
PhishDestroy identifies an active impersonation campaign targeting Ledger Live users via the domain ledgor-live-en.pages.dev. This site masquerades as an official Ledger Live guide while covertly hosting crypto-draining scripts designed to divert private keys and tokens during wallet connections. The domain resolves to Cloudflare IP 172.66.47.98 and is delivered over a Google Trust Services SSL certificate, lending false legitimacy. Browser pop-ups and fake login prompts capture seed phrases and private keys, enabling silent fund extraction once permissions are granted.  This domain was flagged on seed 3d2208 with zero VirusTotal detections (0/95 engines) and uses Cloudflare Pages for rapid deployment. Registration through Cloudflare, Inc. provides anonymity and evasion, while the SSL certificate from Google Trust Services obscures the true origin from casual users. The page title “Ledger Live | Complete Guide to Secure Ledger Live Usage” closely mimics the legitimate service to trick security-conscious users searching for setup guidance. Current evidence shows no third-party blocklist inclusion, indicating a fresh campaign still evading automated defenses.  Users who visited ledgor-live-en.pages.dev must immediately scan connected wallets using PhishDestroy’s wallet drainer detection tool. Do not enter any seed phrases, private keys, or wallet passwords on this domain. Disconnect all devices from the internet to prevent unauthorized RPC calls. If any funds were involved, file a report with Ledger’s official support channel and your local cybercrime unit, including transaction hashes and wallet addresses. Monitor all linked wallets for unauthorized transfers and revoke any suspicious smart contract approvals through blockchain explorers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Ledger Live | Complete Guide to Secure Ledger Live Usage

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.98

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6d97e5da-5e5c-43e9-a926-4c6ce4142bab
- PhishDestroy: https://phishdestroy.io/domain/ledgor-live-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgor-live-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgor-live-en.pages.dev/
Last updated: 2026-04-12