# PhishDestroy threat dossier — live-ioldgr.pages.dev ================================================================ Fetched: 2026-04-25 15:42:42 UTC Canonical: https://phishdestroy.io/domain/live-ioldgr.pages.dev/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 82/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Ledger ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 0/95 security vendors flagged this domain ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.97.3 Registrar: Cloudflare, Inc. Nameservers: ishaan.ns.cloudflare.com, rosalyn.ns.cloudflare.com Registered: 2026-04-25 Page title: Ledger Live Integrations | Official Developer Portal for Secure Crypto Development HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-07-15 Status: INVALID chain Fingerprint: d52afba3d1fe710c2fa9cabb4fb08bfcace204e2f68ad4b8e9713929a6221045 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-04-25 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-04-25 13:22:55 UTC (by PhishDestroy tracker) Last verified: 2026-04-25 16:00:12 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019dc429-126c-7248-bd77-594781ba3ce4/ Wayback Machine: https://web.archive.org/web/*/live-ioldgr.pages.dev crt.sh CT logs: https://crt.sh/?q=%25.live-ioldgr.pages.dev Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=live-ioldgr.pages.dev AlienVault OTX: https://otx.alienvault.com/indicator/domain/live-ioldgr.pages.dev URLhaus: https://urlhaus.abuse.ch/host/live-ioldgr.pages.dev/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-04-25 13:23:39 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies live-ioldgr.pages.dev as an active phishing domain, currently under investigation but confirmed to pose a generic phishing threat. This domain leverages Cloudflare Pages for hosting and is associated with IP address 188.114.97.3. The domain relies on a Google Trust Services SSL certificate, which may be abused to lend false legitimacy to its operations. live-ioldgr.pages.dev exhibits minimal detection coverage at present, with zero out of 95 engines on VirusTotal flagging it as malicious. Registration was processed through Cloudflare, Inc., a common provider for phishing infrastructure due to its anonymity protections and rapid deployment capabilities. The domain resolves to IP 188.114.97.3, a Cloudflare IP range frequently associated with abusive content including phishing and malware distribution. No known blocklist entries or historical detections were identified at the time of analysis. The use of Google Trust Services for SSL validation further complicates detection, as the certificate itself is legitimate but issued to a malicious actor-controlled domain. To mitigate exposure, users must avoid clicking links to live-ioldgr.pages.dev or submitting any credentials through it. Organizations should configure email security gateways to block inbound messages referencing this domain or its IP (188.114.97.3). DNS filtering solutions should be updated to include live-ioldgr.pages.dev in blocklists. If this domain is encountered internally, isolate affected systems and inspect for signs of credential harvesting or malware delivery. Given the low detection rate, proactive blocking is essential to prevent successful exploitation. ## EVIDENCE HASHES ---------------------------------------------------------------- TLS cert SHA-256: d52afba3d1fe710c2fa9cabb4fb08bfcace204e2f68ad4b8e9713929a6221045 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/live-ioldgr.pages.dev/ JSON API: https://api.destroy.tools/v1/check?domain=live-ioldgr.pages.dev Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io