# ledzor-io-live.pages.dev — SUSPICIOUS

> ledzor-io-live.pages.dev identified as a crypto-draining phishing domain. Zero detections on VirusTotal out of 95 engines as of seed 05ab75.

## Summary
PhishDestroy identifies ledzor-io-live.pages.dev as a live crypto-draining phishing domain mimicking the Ledger brand. The page is hosted on Cloudflare Pages and leverages a fake “LedZor” interface designed to siphon assets via wallet signature requests. No known drainer kit hash is publicly available, but the page structure suggests integration of a browser-based wallet exploit kit targeting MetaMask, Phantom, and WalletConnect users. The domain’s rapid deployment and HTTPS certificate issuance via Google Trust Services indicate an attempt to appear legitimate to non-technical users.


Technical indicators place this domain at high risk. VirusTotal currently shows 0/95 detections across all engines as of seed 05ab75, suggesting it is not yet widely blocked by security software. The domain was registered through Cloudflare, Inc., resolving to IP 172.66.47.101 on Cloudflare’s edge network. The page is served from Cloudflare Pages, a common platform abused for quick deployment of phishing kits. Google Safe Browsing (GSB) has not yet flagged this URL, and no third-party blocklist entries are known to security researchers. The SSL certificate was issued by Google Trust Services, enhancing its appearance of legitimacy.


Current status is active and under investigation by PhishDestroy’s threat intelligence team. Users are advised to block the domain at the network level and avoid visiting ledzor-io-live.pages.dev. Security teams should monitor for related domains registered via Cloudflare Pages using the pattern “[brand]-[alphanumeric]-pages.dev” and scan for similar crypto-draining payloads. Remaining risk is high due to low detection coverage and the use of Cloudflare’s infrastructure, which may delay takedown. Immediate action includes network blocking, browser blacklisting, and wallet user warnings to prevent asset loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.101

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledzor-io-live.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledzor-io-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledzor-io-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledzor-io-live.pages.dev/
Last updated: 2026-04-03