# ledgrr-seo-livee.pages.dev — SUSPICIOUS

> Alert: The domain ledgrr-seo-livee.pages.dev is actively pushing a crypto drainer kit that impersonates Ledger wallets.

## Summary

PhishDestroy identifies ledgrr-seo-livee.pages.dev as a live crypto-drainer phishing domain deployed under Cloudflare Pages. The campaign mimics legitimate Ledger wallet interfaces, intercepting transaction approvals to divert funds. The page leverages a generic drainer kit embedded in a spoofed onboarding flow, where users are prompted to ‘update firmware’ or ‘restore wallet’—standard social-engineering lures for seed exfiltration. This infrastructure is being re-used across multiple brand-impersonation phishing kits, indicating a tooling-as-a-service model rather than a single-instance attack.

Technical indicators align with emerging bulk phishing hosts: VirusTotal shows 0/95 detection coverage and Google Safe Browsing has not yet flagged the domain. Resolution leads to 188.114.96.3, an anycast IP hosted on Cloudflare’s edge network. The domain was created through Cloudflare, Inc. and resolves to a Pages.dev subdomain—typical of turnkey phishing kits that bypass traditional hosting gatekeepers. Despite the absence of blacklist coverage, the drainer’s persistence suggests active refinement and bypass of static detection layers.

At the time of analysis, the domain remains active and under investigation. PhishDestroy has flagged the infrastructure and coordinated takedown with Cloudflare’s abuse team. Users should avoid interacting with any links from this host and verify suspected URLs via PhishDestroy’s real-time scanner before entering credentials or approving transactions. Although risk is currently classified as under_investigation, the combination of low VT score, untouched GSB status, and use of a crypto-drainer template indicates a high likelihood of active deployment against cryptocurrency users.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6aae24e5-c5d3-45f7-ad1d-45884a90f636
- PhishDestroy: https://phishdestroy.io/domain/ledgrr-seo-livee.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgrr-seo-livee.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgrr-seo-livee.pages.dev/

Last updated: 2026-03-24