# en-us-aapp-ledger.pages.dev — SUSPICIOUS

> PhishDestroy identifies en-us-aapp-ledger.pages.dev as an active crypto-draining page hosted on Cloudflare.

## Summary
PhishDestroy identifies en-us-aapp-ledger.pages.dev as a live crypto-drainer page currently under investigation. Once accessed, the site attempts to trick visitors into connecting their cryptocurrency wallets and silently siphon digital assets. The page is served from a Cloudflare Pages domain and resolves to IP 172.66.44.75, yet remains undetected by all 95 VirusTotal engines as of seed 7048ba.  

This domain was flagged by PhishDestroy after rigorous behavioral analysis revealed classic crypto-drainer tactics: a spoofed ledger interface, clipboard manipulation, and a hidden drainer script. The SSL certificate is issued by Google Trust Services, giving it a veneer of legitimacy that masks its malicious payload. Intelligence shows the page is actively promoted across social media and phishing forums, indicating a targeted campaign rather than a one-off scam. Risk is currently assessed as under investigation due to rapid infrastructure shifts typical of crypto-draining operations, but early indicators suggest high potential impact for crypto holders.  

If you visited en-us-aapp-ledger.pages.dev, disconnect your wallet immediately, revoke any connected permissions in your wallet settings, and transfer remaining assets to a clean wallet. Run a malware scan on all devices used to access the site, change passwords, and enable two-factor authentication on all financial accounts. Report the domain to PhishDestroy and file an incident report with local cybercrime units. Do not reconnect to the domain or click any pop-ups—treat it as hostile until further notice.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.75

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/38c21a75-dcfb-45f8-933b-8635cd7e1633
- PhishDestroy: https://phishdestroy.io/domain/en-us-aapp-ledger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-aapp-ledger.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-us-aapp-ledger.pages.dev/
Last updated: 2026-03-22