# auth-ledger-live-io.pages.dev — SUSPICIOUS

> PhishDestroy warns: auth-ledger-live-io.pages.dev is a crypto drainer impersonating Ledger. Avoid this fake login page.

## Summary

PhishDestroy identifies auth-ledger-live-io.pages.dev as an active crypto drainer impersonating the Ledger brand, hosted on Cloudflare Pages and resolving to IP 188.114.96.3. This domain employs SSL encryption via Google Trust Services, which is a common tactic to appear legitimate while facilitating credential theft and cryptocurrency theft. The site specifically targets Ledger users by mimicking authentication pages, likely aiming to capture private keys or seed phrases under the guise of a security update or login portal. Security researchers note that such crypto drainers often redirect victims to malicious smart contracts or wallet drainer scripts upon credential submission, resulting in irreversible fund losses. This domain was flagged with 0/95 VirusTotal detections at the time of analysis, indicating it remains undetected by some antivirus engines despite its malicious intent.

Technical evidence supporting this assessment includes the domain's registration through Cloudflare, Inc., a common choice among threat actors due to Cloudflare's privacy protections and abuse mitigation delays. The SSL certificate issued by Google Trust Services creates a false sense of security, as encrypted connections do not guarantee legitimacy. The domain resolves to IP 188.114.96.3, which is associated with Cloudflare's infrastructure, further obscuring the true origin. While no blocklist detections are recorded in this snapshot, the absence of detections does not equate to safety, as many crypto drainers evade detection until widespread reports trigger updates. The specific threat here is not merely phishing but an advanced crypto drainer designed to harvest sensitive wallet data and potentially execute automated fund transfers.
If you visited auth-ledger-live-io.pages.dev, PhishDestroy recommends immediate action. Disconnect any connected wallets and revoke any permissions granted to suspicious domains via your wallet's connection settings. Scan your device for malware using reputable antivirus software like Malwarebytes or ESET, as crypto drainers often deploy keyloggers or clipboard hijackers. Never enter seed phrases, private keys, or wallet passwords on untrusted sites, even if the connection is encrypted. Verify all Ledger-related URLs by visiting the official website (ledger.com) directly, never through third-party links. Report this domain to PhishDestroy and relevant authorities like CERT or Chainalysis to aid in its takedown. Stay vigilant: crypto drainers evolve rapidly, and even verified domains can be compromised, so always cross-reference URLs before interacting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ae8e4880-629f-42ac-bc3e-fa022fd47e87
- PhishDestroy: https://phishdestroy.io/domain/auth-ledger-live-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auth-ledger-live-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/auth-ledger-live-io.pages.dev/

Last updated: 2026-03-22