# enusappledger.pages.dev — SUSPICIOUS

> enusappledger.pages.dev is a live crypto drainer using a Google Trust Services certificate. VirusTotal flags it with just 1/95 detections.

## Summary
PhishDestroy identifies enusappledger.pages.dev as an active crypto drainer leveraging a Pages.dev subdomain to impersonate legitimate financial services. The threat actor likely uses a drainer kit capable of intercepting crypto wallet transactions in real time, targeting users under the guise of Apple-related financial services. No specific drainer variant was observed in current telemetry, but the domain’s structure suggests a recent deployment targeting cryptocurrency holders.  This domain resolves to IP address 172.66.45.30 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, which may be abused to bypass security controls. VirusTotal analysis shows only 1 out of 95 security vendors have flagged this domain as malicious. Historical data indicates recent creation and limited exposure, with no confirmed sightings in major threat intelligence feeds beyond the single detection.  The domain remains active as of the latest scan, with no evidence of takedown or remediation. Immediate response includes blocking the domain at DNS and network levels, revoking associated SSL certificates, and alerting downstream users. While the current risk is elevated due to the drainer’s operational status, the low detection rate suggests potential for broader compromise. Continuous monitoring and proactive threat hunting are recommended to identify related infrastructure and mitigate further exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.30

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e104e027-cb25-46dd-83cc-784596163efc
- PhishDestroy: https://phishdestroy.io/domain/enusappledger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/enusappledger.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/enusappledger.pages.dev/
Last updated: 2026-03-21