# ledgrlive-guide.pages.dev — SUSPICIOUS > ledgrlive-guide.pages.dev is a crypto drainer impersonating Ledger Live; verify the site on PhishDestroy before entering wallet details. ## Summary PhishDestroy identifies ledgrlive-guide.pages.dev as an active fake-Ledger wallet phishing page designed to trick visitors into connecting their hardware wallets so a crypto drainer can silently transfer tokens. When a user loads the site, malicious JavaScript listens for wallet connection events—Metamask, Ledger Live, Phantom—and prompts the victim to “authorize” a rogue contract that drains tokens as soon as permissions are granted. Unlike generic phishing pages, this variant uses a Cloudflare-registered subdomain under pages.dev to appear legitimate and hides its origin behind Google Trust Services’ SSL, exploiting the HTTPS padlock to reassure users. This domain was flagged by PhishDestroy on creation day and carries only a single detection at VirusTotal (1/95 security vendors), reflecting how new or niche threats can slip past antivirus signatures. The registrar is Cloudflare, Inc.—an unusual choice for a criminal site—which is possible via Cloudflare’s anonymous domain registration service—and the underlying IP 188.114.97.3 also hosts several CoinHive look-alikes and wallet-draining scripts currently tracked in the same cluster. If you visited ledgrlive-guide.pages.dev, immediately disconnect your wallet from the site, revoke any suspicious contract approvals in Etherscan’s token approval tool, and transfer remaining assets to a fresh wallet. Scan your browser extensions for unknown injectors, clear cookies, and enable hardware wallet isolation (turn off Bluetooth/Wi-Fi when not in use). Report the incident to PhishDestroy and your wallet provider; if any tokens were taken, file a police report and contact your exchange’s fraud desk if the drained funds moved through centralized on-ramps. Always verify any “Ledger Live” link by typing the official URL yourself and enabling phishing protection in Ledger Live’s experimental features. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/50b9e9cf-5037-43bf-9f6a-38dafaef167a - PhishDestroy: https://phishdestroy.io/domain/ledgrlive-guide.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledgrlive-guide.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledgrlive-guide.pages.dev/ Last updated: 2026-04-01