# en-liveledgr-apps.pages.dev — SUSPICIOUS

> PhishDestroy warns: en-liveledgr-apps.pages.dev is a crypto drainer impersonating Ledger Live. Verify safety with PhishDestroy before entering credentials.

## Summary

en-liveledgr-apps.pages.dev has been flagged for hosting a fake Ledger Live application designed as a cryptocurrency drainer. The domain leverages deceptive branding to trick users into connecting their wallets or entering seed phrases, enabling unauthorized fund transfers. This threat is classified as a high-risk crypto drainer due to its active impersonation of a legitimate hardware wallet ecosystem service. Security researchers observed this domain as part of a broader campaign targeting cryptocurrency users through fake mobile or desktop app interfaces. The domain’s rapid deployment and use of trusted infrastructure suggest an evolving evasion strategy aimed at bypassing traditional detection mechanisms.

PhishDestroy identifies en-liveledgr-apps.pages.dev as a newly active crypto drainer with zero detections on VirusTotal out of 95 engines, indicating an early-stage threat not yet widely recognized. This domain resolves to IP address 172.66.44.227 via Cloudflare, Inc., which obscures the true origin while providing the attacker with high uptime and SSL encryption through Google Trust Services. The domain is hosted on Cloudflare Pages, a legitimate platform leveraged here for malicious intent due to its fast global distribution and free SSL certificates. With no current blocklist presence or community reports at the time of investigation, the threat remains undetected by major threat intelligence feeds. The use of a .pages.dev subdomain under Cloudflare’s free hosting service further lowers the barrier to deployment, allowing threat actors to rapidly cycle domains and infrastructure.

To mitigate risk, users should avoid interacting with en-liveledgr-apps.pages.dev or any site prompting wallet connections or seed phrase entry outside official Ledger applications. Verify download sources exclusively through Ledger’s official website (ledger.com) or verified app stores. Use hardware wallets with secure screens, enable PIN protection, and verify transaction details before approval. Report suspected phishing to Ledger’s official support and PhishDestroy. Security teams should monitor for similar domains mimicking Ledger Live, especially on Cloudflare Pages or Google App Engine, and proactively block IP 172.66.44.227 and associated ASN ranges. Always use multi-signature wallets, limit exposed wallet balances, and enable transaction alerts to detect unauthorized activity promptly.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.227

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5d4ea061-199b-4bcd-8bb4-82f14d914d6d
- PhishDestroy: https://phishdestroy.io/domain/en-liveledgr-apps.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-liveledgr-apps.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-liveledgr-apps.pages.dev/

Last updated: 2026-03-26