# ledgers-livoxx-eng.pages.dev — SUSPICIOUS

> ledgers-livoxx-eng.pages.dev hosts an active crypto drainer with 0/95 VirusTotal detections targeting digital assets. Verify before interacting.

## Summary
PhishDestroy identifies ledgers-livoxx-eng.pages.dev as an active crypto drainer domain impersonating Ledger Live services to steal cryptocurrency. This page.dev subdomain is being actively used to deploy malicious JavaScript designed to drain wallet funds upon connection. The threat is particularly dangerous as it masquerades as a legitimate Ledger integration, exploiting user trust in hardware wallet ecosystems. Technical indicators reveal this domain operates through Cloudflare's Pages service, resolving to IP 172.66.47.87 with a Google Trust Services SSL certificate, evading immediate detection while maintaining operational legitimacy through established infrastructure providers.

This domain was flagged with 0 detections out of 95 VirusTotal scans, was registered via Cloudflare, Inc., and remains unblocked at the time of analysis. The unique seed 5f8084 indicates this is part of an evolving campaign targeting cryptocurrency users. The absence of antivirus detection combined with trusted infrastructure highlights the sophisticated nature of this threat, which specifically targets users expecting safe Ledger Live integrations. The campaign's infrastructure choices suggest deliberate attempts to bypass initial security screening while maintaining persistent access to stolen funds.

Users who visited ledgers-livoxx-eng.pages.dev should immediately disconnect any connected wallets and transfer remaining funds to a newly created wallet. Scan all devices that accessed this domain using reputable antivirus software, particularly focusing on browser extensions that may have been compromised. Report any unauthorized transactions to your wallet provider and consider revoking any suspicious smart contract approvals. This threat demonstrates the ongoing evolution of cryptocurrency-focused malware, where attackers continuously adapt delivery methods to exploit user trust in legitimate services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.87

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/53542252-161c-405d-8e1d-614bfa2f7e3e
- PhishDestroy: https://phishdestroy.io/domain/ledgers-livoxx-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgers-livoxx-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgers-livoxx-eng.pages.dev/
Last updated: 2026-04-12