# live-ledzar.pages.dev — SUSPICIOUS > PhishDestroy flags live-ledzar.pages.dev as an active crypto drainer kit impersonating Ledger Live. VirusTotal score: 2/95. Verify before engagement. ## Summary PhishDestroy identifies the domain live-ledzar.pages.dev as an active crypto drainer scam impersonating Ledger Live, a leading hardware wallet provider. This impersonation leverages a fraudulent web interface designed to deceive users into connecting their wallets and approving malicious token approvals that drain cryptocurrency assets. The attackers have deployed a drainer kit through a compromised or deceptive frontend hosted on a Cloudflare Pages subdomain, exploiting the trust associated with Ledger’s brand to increase credibility and click-through rates. This tactic is commonly observed in recent campaigns targeting users of major wallet providers, leveraging urgency and perceived legitimacy to bypass security awareness. This domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., utilizing Cloudflare Pages to host the malicious content. According to VirusTotal, only 2 out of 95 security vendors have flagged this domain, indicating a low detection rate and high potential for evasion. The domain is equipped with a valid SSL certificate issued by Google Trust Services, which may further enhance its deceptive appearance by displaying a trusted padlock in browsers. Creation and hosting details suggest a recent deployment, likely within the last few weeks, designed to capitalize on current market trends or user behaviors. PhishDestroy notes that this site has not yet been widely blocked across major threat intelligence platforms, suggesting a need for immediate user vigilance and proactive blocking by security teams. As of the latest assessment, the domain remains active and continues to pose an elevated risk to cryptocurrency users, particularly those expecting legitimate Ledger Live interactions. PhishDestroy recommends blocking access to live-ledzar.pages.dev at the network and endpoint levels, and educating users to verify all URLs through trusted sources such as PhishDestroy’s database. While the current detection rate is low, rapid escalation in community reporting and threat intelligence sharing could lead to broader blocking. Remaining risk is elevated due to the use of a legitimate cloud service (Cloudflare Pages) and a trusted SSL certificate, which increases the likelihood of successful user deception. Users should treat any unsolicited links, especially those related to wallet connections, with extreme caution and always cross-verify the domain through official channels. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c7769525-cd6f-493c-8b91-79a51b410765 - PhishDestroy: https://phishdestroy.io/domain/live-ledzar.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/live-ledzar.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/live-ledzar.pages.dev/ Last updated: 2026-03-22