# welcome-ledgr-live-io.pages.dev — SUSPICIOUS

> PhishDestroy identifies welcome-ledgr-live-io.pages.dev as a crypto drainer scam hosted on Cloudflare with 2 of 95 security vendors flagging it.

## Summary
PhishDestroy classifies welcome-ledgr-live-io.pages.dev as an active crypto drainer scam site posing as a fake Ledger Live portal. The domain leverages a Cloudflare Pages deployment to mimic legitimate cryptocurrency services, aiming to trick users into connecting wallet credentials or signing malicious transactions. No known brand impersonation (e.g., Ledger) is confirmed in this instance, suggesting the threat actor may be testing a generic drainer kit for broader deployment.  

This domain was flagged by VirusTotal with a detection score of 2 out of 95 security vendors, indicating low but concerning recognition. It is registered through Cloudflare, Inc., resolves to IP address 188.114.96.3, and holds a valid Google Trust Services SSL certificate—common tactics to appear legitimate. Additional technical indicators include deployment on Cloudflare Pages, which provides anonymity and rapid infrastructure changes. While the exact creation date is not publicly available, its active status and low VT score suggest recent deployment.  

As of the latest assessment, welcome-ledgr-live-io.pages.dev remains active and unblocked by major threat intelligence platforms. Users are strongly advised to avoid accessing the site and to report it via browser security tools or PhishDestroy’s submission portal. Although the current risk is elevated due to active hosting and low detection, proactive blocking of the IP and domain remains the most effective mitigation. Remaining risk includes potential expansion to other drainer variants or impersonation of major crypto brands.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e86a5deb-571f-4593-8590-145db701febb
- PhishDestroy: https://phishdestroy.io/domain/welcome-ledgr-live-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/welcome-ledgr-live-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/welcome-ledgr-live-io.pages.dev/
Last updated: 2026-03-22