# apps-liveledgr-eng.pages.dev — SUSPICIOUS

> PhishDestroy identifies apps-liveledgr-eng.pages.dev as a crypto drainer phishing site. Flagged by 0 of 95 VirusTotal vendors, mimicking Ledger.

## Summary
PhishDestroy identifies the domain apps-liveledgr-eng.pages.dev as a crypto drainer phishing site actively impersonating the Ledger brand to deceive cryptocurrency users. This domain is currently flagged as an active threat under investigation, with confirmed malicious infrastructure designed to drain user funds through fraudulent authentication portals. The threat actor leverages Cloudflare Pages to host the phishing content, exploiting legitimate services to evade detection. Users interacting with this domain risk exposing private wallet keys or seed phrases to attackers.

This domain was flagged by 0 of 95 VirusTotal security vendors at the time of analysis, indicating low detection coverage despite its malicious intent. The domain is registered through Cloudflare, Inc., resolving to IP address 172.66.47.138 under a Google Trust Services SSL certificate. While the exact creation date remains unverified, the infrastructure exhibits characteristics consistent with recent phishing campaigns targeting cryptocurrency holders. The absence of VirusTotal detections suggests a need for heightened user vigilance and proactive blocking measures.

The current status of apps-liveledgr-eng.pages.dev remains active, with no confirmed takedown at this time. PhishDestroy recommends users and organizations immediately block this domain at the network perimeter and avoid accessing it via any link or email attachment. If exposure has occurred, users should revoke any entered credentials, transfer assets to a new wallet, and conduct a forensic audit of device security. Report this domain to your email provider, security vendor, and Ledger’s official phishing reporting channels to aid in global threat intelligence sharing.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.138

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fc5243a3-f3b1-4564-9cad-9cf9aab3c8ce
- PhishDestroy: https://phishdestroy.io/domain/apps-liveledgr-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/apps-liveledgr-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/apps-liveledgr-eng.pages.dev/
Last updated: 2026-03-29