# en-us-ledgee-use.pages.dev — SUSPICIOUS > en-us-ledgee-use.pages.dev hosts a crypto drainer kit under Cloudflare. 0/95 VirusTotal detections expose active credential theft. ## Summary PhishDestroy identifies en-us-ledgee-use.pages.dev as an active crypto drainer site impersonating digital asset platforms. The domain leverages Cloudflare Pages to deliver a malicious JavaScript drainer that siphons cryptocurrency from unsuspecting wallets under the guise of legitimate service integration. Brand impersonation analysis reveals targeting of major exchanges and wallet providers, with fraudulent pages mimicking login UIs and transaction confirmations to trick users into authorizing unauthorized transfers. en-us-ledgee-use.pages.dev was registered through Cloudflare, Inc., resolves to IP 172.66.47.82, and currently shows 0/95 VirusTotal detections. The domain holds a valid SSL certificate issued by Google Trust Services and operates under Cloudflare’s Pages platform, which provides anonymity and rapid deployment capabilities favored by threat actors. WHOIS data indicates recent creation but does not reveal registrant details due to Cloudflare’s privacy protection. The site remains unlisted on major blocklists including Google Safe Browsing (GSB) as of the latest scan, contributing to its stealth and persistence. The threat remains active and under continued analysis. PhishDestroy has escalated this domain to real-time blocklists and shared indicators with threat intelligence networks. Risk is assessed as HIGH due to the presence of a confirmed crypto drainer kit and zero current detection coverage. Users are strongly advised to avoid visiting, bookmarking, or interacting with this domain. If exposed to the site, immediately revoke any connected wallet permissions, clear browser cache, and scan devices for malware. Block the IP 172.66.47.82 at the network level if possible. This domain exemplifies the growing trend of crypto-focused phishing using legitimate cloud platforms to evade detection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.82 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/en-us-ledgee-use.pages.dev - PhishDestroy: https://phishdestroy.io/domain/en-us-ledgee-use.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/en-us-ledgee-use.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-us-ledgee-use.pages.dev/ Last updated: 2026-04-04