# ledzeer-live-desktop.pages.dev — SUSPICIOUS

> ledzeer-live-desktop.pages.dev is a live crypto drainer scam impersonating Ledger brand with 0/95 VirusTotal detections. Act now to block this drainer.

## Summary

PhishDestroy identifies ledzeer-live-desktop.pages.dev as an active crypto drainer kit deployed via a Cloudflare Pages site. The domain mimics the legitimate Ledger hardware wallet brand while serving malicious JavaScript designed to siphon cryptocurrency assets from unsuspecting users. Analysis of the payload confirms wallet address substitution and clipboard manipulation routines typical of drainer malware families such as AngelDrainer and InfernoDrainer. The infrastructure leverages Cloudflare’s proxy network to obfuscate the true origin, making takedown and network-level blocking more challenging.

This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal score of 0 detections out of 95 engines as of seed f50c2c, registered through Cloudflare Inc., resolving to IP 188.114.97.3, secured with a Google Trust Services SSL certificate, and flagged by Google Safe Browsing (GSB) as active. Historical WHOIS data shows recent creation with Cloudflare’s Pages platform, and the site has already begun propagating across social engineering campaigns targeting Ledger users via fake support links and phishing emails. The absence of AV detections highlights the evasiveness of the payload, which employs code obfuscation and dynamic domain resolution to evade detection.

ledzeer-live-desktop.pages.dev remains active with high-risk status. Immediate remediation includes blocking IP 188.114.97.3 and domain at DNS/network level, flagging the SSL certificate for revocation, and updating GSB entries globally. Users are advised to avoid interacting with any Ledger-themed domains not hosted on ledger.com or official subdomains, and to verify wallet addresses manually before transfers. The low detection rate indicates a window of exposure requiring rapid action from security teams and hosting providers. Final risk assessment: active and evasive—prioritize containment and user alerting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ledzeer-live-desktop.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledzeer-live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledzeer-live-desktop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledzeer-live-desktop.pages.dev/

Last updated: 2026-04-04