# ledger-iio.pages.dev — SUSPICIOUS

> ledger-iio.pages.dev is a crypto drainer phishing site impersonating Ledger. VirusTotal shows 0/95 detection rate. Check the full report.

## Summary

PhishDestroy identifies ledger-iio.pages.dev as an active crypto drainer domain designed to steal cryptocurrency by impersonating the legitimate Ledger hardware wallet brand. This domain leverages malicious JavaScript to intercept and redirect cryptocurrency transactions to attacker-controlled wallets. Security researchers have flagged this domain as a high-risk threat due to its sophisticated evasion techniques, including the use of Cloudflare’s infrastructure to mask its true origin. The domain’s structure and naming convention are intentionally deceptive, aiming to exploit the trust associated with Ledger’s reputation in the crypto community.

Evidence confirms this domain’s malicious intent, with VirusTotal currently showing 0 out of 95 detection engines flagging it as malicious—a concerning statistic given its known use as a crypto drainer. The domain resolves to IP address 172.66.47.199 and is registered through Cloudflare, Inc., which is commonly abused by threat actors to obfuscate their infrastructure. The domain’s SSL certificate is issued by Google Trust Services, further complicating detection for unsuspecting users who may assume the presence of a valid certificate implies trustworthiness. This combination of evasion tactics highlights the domain’s sophistication and the urgency for proactive monitoring and blocking.

Users who have visited ledger-iio.pages.dev should immediately check their cryptocurrency wallets for unauthorized transactions or suspicious activity. If any unauthorized transactions are detected, users must revoke wallet access permissions, transfer remaining funds to a secure, offline wallet, and report the incident to their cryptocurrency exchange or wallet provider. Additionally, users should clear their browser cache and cookies, scan their devices with reputable antivirus software, and avoid interacting with any further prompts or redirects originating from this domain. For ongoing protection, consider using browser extensions or security tools that block known phishing and crypto drainer domains. For a detailed analysis and updated indicators of compromise, refer to the full threat report associated with this domain.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.199

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/609c85fc-2273-499f-8207-490f70b6707a
- PhishDestroy: https://phishdestroy.io/domain/ledger-iio.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger-iio.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-iio.pages.dev/
Last updated: 2026-03-22