# leowallet.pages.dev — SUSPICIOUS

> leowallet.pages.dev: crypto drainer targeting crypto wallets flagged by 0 of 95 VirusTotal vendors. Avoid urgent transfers.

## Summary

leowallet.pages.dev is an active crypto drainer site currently under investigation by PhishDestroy. This malicious domain employs sophisticated JavaScript to siphon cryptocurrency assets from unsuspecting wallet users without their consent. The threat involves unauthorized transaction approvals and hidden fund transfers, posing severe financial risks to cryptocurrency holders interacting with misleading wallet interfaces.

This domain was flagged by 0 of 95 VirusTotal security vendors, indicating it currently evades detection by most antivirus engines. It was registered through Cloudflare, Inc. and resolves to IP address 188.114.96.3, backed by a Google Trust Services SSL certificate. The site leverages Pages.dev infrastructure, a platform frequently exploited for fraudulent distribution due to its free hosting and anonymity features. While creation date and blocklist count remain unverified at this stage, the absence of detections highlights a critical blind spot in threat intelligence coverage.

Given the active status and crypto drainer functionality, users should immediately block access to leowallet.pages.dev and avoid any interaction with wallet-related prompts on this domain. Cryptocurrency users are advised to verify URLs via official sources, use hardware wallets, and enable transaction approval notifications. Security teams should monitor this domain closely and report findings to threat intelligence platforms to improve detection coverage. The risk profile may escalate pending further investigation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/leowallet.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/leowallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/leowallet.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/leowallet.pages.dev/

Last updated: 2026-04-05