# unpayoffldger.org — MALICIOUS

> unpayoffldger.org is a crypto drainer phishing domain flagged by 6/95 VirusTotal vendors. This fraudulent site mimics Ledger hardware wallets to steal.

## Summary

PhishDestroy identifies the domain unpayoffldger.org as an active crypto drainer posing as a Ledger wallet service. The site is designed to trick cryptocurrency users into connecting their wallets and authorizing unauthorized transactions, resulting in direct asset theft. Security researchers have documented similar attack chains where victims are lured via fake airdrop campaigns, fraudulent wallet updates, or cloned support pages, with the malicious payload delivered through JavaScript libraries that intercept wallet connection requests and manipulate transaction approvals.

This domain was flagged by six out of ninety-five VirusTotal security vendors, placing it in the elevated risk category. The domain resolves to IP address 198.251.84.200 and was registered on January 17, 2026 through Dynadot Inc using a Let’s Encrypt SSL certificate, which is commonly abused to appear legitimate. The low detection rate on public scanners combined with the recent registration date suggests this is a newly deployed threat likely targeting users during increased crypto market volatility.

Technical analysis of unpayoffldger.org reveals infrastructure consistent with modern crypto-draining operations. The domain’s SSL certificate issued by Let’s Encrypt further lowers user suspicion despite malicious intent. The low VirusTotal detection rate (6/95) indicates that signature-based defenses are not yet widely blocking this threat. The domain’s recent creation date—just days ago—suggests it may be part of a rapidly expanding campaign. Unlike traditional phishing aimed at credentials, this attack specifically targets blockchain wallet connections, enabling direct fund extraction without needing passwords. The use of a reputable registrar (Dynadot) complicates takedown efforts, as malicious actors often exploit bulk registration and privacy protection features. Security teams monitoring cryptocurrency-related domains should prioritize this indicator due to its active status and low detection footprint.

Users who visited unpayoffldger.org should immediately disconnect any connected hardware or software wallets and revoke any unintended permissions using tools like the Ledger Live app or wallet-specific permission managers. Scan all connected devices for malware using updated antivirus software, as crypto drainers often bundle info-stealers or clipboard hijackers. Report the domain to your wallet provider and to platforms like URLVoid or PhishTank to help block future access. Enable transaction approval confirmations on device and disable auto-connection features in wallets to reduce exposure to such attacks. If you entered any recovery phrases or private keys, rotate them immediately and transfer remaining funds to a newly initialized, isolated wallet. Remain vigilant for follow-on phishing campaigns exploiting this exposure.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-01-17 19:47:48
- Registrar: Dynadot Inc
- IP: 198.251.84.200

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9cecd55e-a2e1-42a4-b94d-7aa90778e6f3
- PhishDestroy: https://phishdestroy.io/domain/unpayoffldger.org/
- LLM endpoint: https://phishdestroy.io/domain/unpayoffldger.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/unpayoffldger.org/

Last updated: 2026-03-23