# en-lives-leadgr.pages.dev — SUSPICIOUS > en-lives-leadgr.pages.dev is a crypto drainer scam flagged by 2 of 95 VirusTotal vendors. Avoid this site to prevent cryptocurrency theft. ## Summary PhishDestroy identifies en-lives-leadgr.pages.dev as an active crypto drainer scam site. This domain was flagged by Google Trust Services for SSL certification but also drew suspicion from 2 of 95 VirusTotal security vendors, indicating elevated risk. The site is registered through Cloudflare, Inc., resolves to IP 172.66.47.182, and operates under the Pages.dev subdomain of Cloudflare Pages, a platform often exploited for malicious deployments. Registered via Cloudflare, Inc., this domain exhibited immediate red flags due to its low trust score among security vendors. With 2 of 95 VirusTotal vendors marking it as malicious, the site’s link to cryptocurrency drainer schemes—likely disguised as lead generation or live event content—poses a direct threat to users’ digital assets. Given the domain’s active status and the absence of legitimate branding or safeguards, PhishDestroy recommends immediate blocking and avoidance of this site to prevent potential cryptocurrency theft. Threat analysis reveals a clear pattern of abuse: Cloudflare Pages’ free tier enables rapid deployment of malicious pages, while the low VirusTotal detection rate suggests the scam is either new or evasive. The site’s SSL certificate from Google Trust Services adds a veneer of legitimacy, misleading users into trusting the content. However, the lack of verifiable branding or secure infrastructure underscores the elevated risk of crypto drainer activity. Technical indicators include the domain’s recent deployment, reliance on Cloudflare’s infrastructure, and the specific IP address (172.66.47.182) associated with malicious activity. Users should treat this site with extreme caution, as it is designed to deceive visitors into connecting cryptocurrency wallets or entering sensitive credentials. Blocking the domain at the network level and reporting it to security vendors are critical steps to mitigate further exposure. Risk assessment places this domain at an elevated threat level due to its active status, low detection rate, and alignment with crypto drainer tactics. The lack of transparency, combined with the domain’s association with Cloudflare’s ecosystem, increases the likelihood of successful attacks. Users interacting with this site risk immediate financial loss, as crypto drainers are engineered to siphon funds without user consent. Concrete recommendations include blocking the domain at the firewall or DNS level, avoiding any interactions with the site, and reporting it to security platforms like VirusTotal or PhishDestroy. Users with cryptocurrency holdings should verify the legitimacy of any ‘lead generation’ or ‘live event’ content before engaging. Organizations should update threat intelligence feeds to include this domain and propagate blocks across all endpoints to prevent accidental exposure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.182 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d1263c15-2d90-47b9-bfd3-33c93e0973d3 - PhishDestroy: https://phishdestroy.io/domain/en-lives-leadgr.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/en-lives-leadgr.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-lives-leadgr.pages.dev/ Last updated: 2026-03-22