# new-ledgr-live-io-auth.pages.dev — SUSPICIOUS

> new-ledgr-live-io-auth.pages.dev poses as a Ledger Live login portal but is a crypto wallet drainer scam. Blocked by MetaMask, it has 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies new-ledgr-live-io-auth.pages.dev as an active cryptocurrency wallet drainer posing as a Ledger Live authentication portal. This domain leverages social engineering to trick users into connecting their wallets, whereupon malicious scripts drain cryptocurrency assets directly. The infrastructure suggests a high degree of sophistication, utilizing Cloudflare’s services for domain resolution and Google Trust Services for SSL certification to appear legitimate. No known drainer kit fingerprint has been publicly associated with this domain, but its operational behavior aligns with established patterns in crypto drainer campaigns.

This domain was flagged with a VirusTotal detection score of 0/95, indicating it has not yet been widely recognized by antivirus engines despite being active in the wild. It is registered through Cloudflare, Inc., resolving to IP 188.114.96.3, and is currently flagged on 1 security blocklist. While the SSL certificate is issued by Google Trust Services, which may lend an air of authenticity, the domain’s recent appearance and low detection rate underscore its potential evasion capabilities. The registration details, including registrar and infrastructure, align with known anonymity-preserving services commonly exploited by threat actors.

The current status of new-ledgr-live-io-auth.pages.dev is active and under investigation, with MetaMask having already blocked access to the domain. Despite its low detection score, the domain remains a credible threat due to its specific targeting of cryptocurrency users and the use of legitimate-looking infrastructure. Users are advised to avoid interacting with this domain or any unsolicited login prompts claiming to be from Ledger Live. The remaining risk is assessed as moderate to high, given the potential for undetected drainer scripts to evolve and bypass security measures. Immediate action includes updating wallet software, enabling transaction alerts, and verifying all login portals through official channels.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["MetaMask"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/de674451-91f6-4f0c-b3ff-df802d008cfe
- PhishDestroy: https://phishdestroy.io/domain/new-ledgr-live-io-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/new-ledgr-live-io-auth.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/new-ledgr-live-io-auth.pages.dev/

Last updated: 2026-03-22