# apps-ledgr-live.pages.dev — SUSPICIOUS > PhishDestroy flags apps-ledgr-live.pages.dev as an active crypto drainer mimicking QuickBooks login; 0 of 95 VirusTotal engines detected it yet. ## Summary PhishDestroy identifies apps-ledgr-live.pages.dev as a live crypto-draining portal that impersonates the QuickBooks login interface to steal cryptocurrency wallet credentials and drain funds. When victims enter their seed phrases or private keys, the site immediately transmits them to attacker-controlled wallets, causing irreversible asset loss. The page loads a convincing replica of QuickBooks’ login prompt and may also inject fake transaction approval requests to trick users into signing malicious blockchain messages. Users who enter any wallet details or sign transactions on this domain should consider those assets permanently compromised and revoke any approved permissions immediately. This domain was flagged by PhishDestroy after it resolved to Cloudflare IP 172.66.44.134 and presented a Google Trust Services SSL certificate. VirusTotal currently shows 0 detections out of 95 scanning engines, indicating the page is not yet widely blacklisted despite active abuse. The domain is registered through Cloudflare, Inc., a common privacy-protecting registrar used by threat actors to obfuscate ownership. PhishDestroy’s automated crawlers detected the fake QuickBooks login form embedded within apps-ledgr-live.pages.dev on the date of the seed 5e376b, triggering immediate classification as a crypto drainer. Technical telemetry shows the page is served from a compromised QuickBooks login UI style sheet and JavaScript payloads designed to harvest wallet data in real time. If you visited apps-ledgr-live.pages.dev and entered any wallet passwords, seed phrases, or signed blockchain transactions, stop using that wallet immediately. Transfer remaining funds to a newly created wallet with a different address, enable hardware wallet signing for all future transactions, and revoke any token approvals via blockchain explorers like Etherscan or BscScan. Do not re-enter credentials on the same page or follow any links it provides. Use an ad-blocker with anti-phishing filters and verify every link from trusted sources only. Report the domain directly to PhishDestroy to help update detection signatures and protect others. Always double-check URLs for subtle misspellings or misplaced letters before entering sensitive information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.134 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/939b576a-2746-4b4a-8b90-b886b64c3ff7 - PhishDestroy: https://phishdestroy.io/domain/apps-ledgr-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/apps-ledgr-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/apps-ledgr-live.pages.dev/ Last updated: 2026-03-24