# live-ioledgr.pages.dev — SUSPICIOUS

> Domain live-ioledgr.pages.dev hosts a Ledger-brand impersonation crypto drainer kit with 0/95 VirusTotal detections.

## Summary

Analysts at PhishDestroy identified the live-ioledgr.pages.dev domain as a Ledger brand impersonation site attempting to mimic the official Ledger Live wallet dashboard. The page title displayed—“Ledger Live | Official Cryptocurrency Wallet Dashboard”—mirrors legitimate branding to deceive visitors into connecting compromised wallets or entering sensitive seed phrases. At this time, no specific drainer kit payload has been extracted from the page, but the presence of wallet connection prompts and cryptocurrency-themed UI strongly suggests crypto-asset theft functionality under investigation.

The domain resolves to IP address 172.66.44.186 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, increasing its appearance of legitimacy. As of the latest scan, VirusTotal returned 0 detections out of 95 engines, indicating this threat remains undetected by most antivirus platforms. Creation date and blocklist inclusion metrics are currently under further forensic review. The domain remains active and continues to impersonate Ledger, posing an immediate risk to cryptocurrency users.

Immediate containment measures include DNS blocking against 172.66.44.186 and domain-level blocking of live-ioledgr.pages.dev. Users are advised to verify all wallet connections using official Ledger applications and avoid accessing Ledger Live via third-party or external links. Remaining investigative priorities include identifying the drainer kit infrastructure and coordinating takedown with Cloudflare and Google Trust Services.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: Ledger Live | Official Cryptocurrency Wallet Dashboard

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.186

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/59bc2cdb-2a1f-42e8-b33a-59676853732e
- PhishDestroy: https://phishdestroy.io/domain/live-ioledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ioledgr.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/live-ioledgr.pages.dev/

Last updated: 2026-04-12