# io-en-liveledgr-us.pages.dev — SUSPICIOUS > io-en-liveledgr-us.pages.dev operates as a crypto drainer impersonating Ledger Live. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies io-en-liveledgr-us.pages.dev as an active crypto drainer impersonating Ledger Live, posing a critical risk to cryptocurrency users. This domain leverages Google Trust Services SSL certificates via Cloudflare to appear legitimate while hosting malicious JavaScript designed to drain wallets. The infrastructure is hosted on IP 188.114.96.3, a known Cloudflare Anycast range frequently abused by threat actors to obfuscate malicious activity. This domain was flagged with 0/95 VirusTotal detections at time of analysis, indicating it remains undetected by most antivirus engines. Registered through Cloudflare, Inc., the domain resolves to IP 188.114.96.3 with no known inclusion on major blocklists at this time. The SSL certificate issued by Google Trust Services adds a false sense of security, while the .pages.dev subdomain under a legitimate Google domain lends credibility to phishing attempts. The absence of detections suggests this campaign is either newly deployed or employs sophisticated evasion techniques. Immediate mitigation for crypto drainer threats requires blocking the domain at DNS and network levels: add io-en-liveledgr-us.pages.dev to blocklists in firewall rules, DNS filtering systems, and browser security extensions. Users should verify all wallet-related domains through official Ledger channels and avoid clicking suspicious links. Report this domain to Ledger's fraud team and submit URLs to VirusTotal for reanalysis. Consider deploying behavioral detection rules to monitor for crypto wallet draining attempts across endpoints. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/io-en-liveledgr-us.pages.dev - PhishDestroy: https://phishdestroy.io/domain/io-en-liveledgr-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/io-en-liveledgr-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/io-en-liveledgr-us.pages.dev/ Last updated: 2026-04-10