# auths-liveledgir.pages.dev — MALICIOUS

> PhishDestroy warns: auths-liveledgir.pages.dev is a crypto drainer impersonating a login page. 12/95 security vendors flag this fraudulent domain.

## Summary
PhishDestroy identifies auths-liveledgir.pages.dev as an active crypto drainer phishing domain designed to steal cryptocurrency assets. This fraudulent site impersonates a legitimate login portal, tricking users into connecting their wallets and authorizing malicious transactions. The threat actor employs a drainer kit specifically engineered to drain crypto holdings from unsuspecting victims, leveraging deceptive domain naming and social engineering tactics to appear authentic. The domain’s structure suggests an attempt to mimic legitimate services, likely targeting users familiar with crypto platforms or login interfaces.


Technical indicators confirm this domain’s malicious intent. VirusTotal reports a detection score of 12 out of 95 security vendors, indicating moderate but significant suspicion. The domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., which is often abused for phishing due to its privacy and anonymity features. The SSL certificate is issued by Google Trust Services, a tactic used to lend false legitimacy to the site. While the exact creation date is not provided, the presence of a Google Trust Services certificate suggests a relatively recent setup, as these certificates are typically short-lived in phishing campaigns. This domain has not been flagged by Google Safe Browsing (GSB) as of the latest data, but it has already been blacklisted by multiple threat intelligence feeds, highlighting its active malicious status.


The domain remains active and poses an elevated risk to users who may encounter it through phishing emails, social media links, or malicious advertisements. PhishDestroy has flagged this domain and assigned it a unique seed identifier (471e4c) for tracking and takedown purposes. Immediate actions include blocking the domain at the network level, revoking its SSL certificate, and coordinating with hosting providers to remove the site. Users are advised to avoid interacting with this domain and to verify any suspicious links using PhishDestroy’s verification tools or other reputable cybersecurity resources. The remaining risk is elevated due to the domain’s active status and the use of advanced evasion techniques, such as legitimate-looking SSL certificates and Cloudflare’s infrastructure. Continuous monitoring and proactive threat hunting are recommended to mitigate further exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4b2e3ef1-2923-4556-825e-5e5dbc9425c6
- PhishDestroy: https://phishdestroy.io/domain/auths-liveledgir.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auths-liveledgir.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auths-liveledgir.pages.dev/
Last updated: 2026-03-22