# io-en-ledrlive-walet.pages.dev — MALICIOUS

> io-en-ledrlive-walet.pages.dev is a confirmed phishing site. Learn how it tricks users and steps to take if you visited this dangerous domain.

## Summary
PhishDestroy identifies io-en-ledrlive-walet.pages.dev as a high-risk phishing domain designed to deceive users into compromising their personal information. Despite being recently created on February 21, 2026, this domain has already been flagged by multiple security services and appears on at least one security blocklist, underscoring its malicious intent. Currently offline, the site was flagged by 14 out of 95 security vendors on VirusTotal and registered through Cloudflare, a common platform abused by fraudsters due to its ease of setup and anonymity.

This phishing scheme likely operates by mimicking legitimate wallet or financial services to lure victims into submitting sensitive credentials or private keys. The domain name’s structure and keywords such as "ledrlive" and "walet" suggest an attempt to impersonate wallet-related platforms, increasing the likelihood of users being tricked into trusting the site. Once users submit their data, attackers can exploit the information for identity theft or unauthorized transactions.

If you have visited io-en-ledrlive-walet.pages.dev, it is crucial to act promptly. Avoid providing any personal or financial information on suspicious sites. Change passwords associated with any accounts that might have been exposed and monitor financial statements for unusual activity. Additionally, enable two-factor authentication where possible to add an extra layer of security. Reporting the incident to your security provider and staying informed through trustworthy sources like PhishDestroy can help prevent further harm from phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.79
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["rose.ns.cloudflare.com", "byron.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aa28e-8922-711e-bfaf-15191acc3d87.png
- PhishDestroy: https://phishdestroy.io/domain/io-en-ledrlive-walet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-en-ledrlive-walet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-en-ledrlive-walet.pages.dev/
Last updated: 2026-03-19