# ligjre-livelogiin.pages.dev — SUSPICIOUS > ligjre-livelogiin.pages.dev actively hosts a crypto drainer kit impersonating LiveLogiIn services. VirusTotal shows 0/95 detections. Block immediately. ## Summary PhishDestroy identifies the active crypto drainer domain ligjre-livelogiin.pages.dev, currently under investigation for deploying malicious JavaScript to siphon cryptocurrency from unsuspecting victims. The threat actor is impersonating LiveLogiIn services, a legitimate logistics support platform, to lure users into connecting their wallets under false pretenses. The domain leverages Cloudflare Pages for rapid deployment and obfuscation, making it difficult for traditional security tools to detect its malicious intent immediately. Initial analysis suggests the drainer kit is designed to target Ethereum and other EVM-compatible networks, with capabilities to interact with wallet extensions like MetaMask and WalletConnect. This domain was flagged with a VirusTotal detection score of 0/95 as of the latest scan, indicating it remains undetected by most antivirus engines. It is registered through Cloudflare, Inc., resolving to IP 188.114.97.3, and secured with a Google Trust Services SSL certificate. The domain was created recently, though the exact creation date is not publicly disclosed due to Cloudflare's privacy protections. Google Safe Browsing (GSB) has not yet flagged the domain, and it does not appear on major blocklists such as PhishTank or OpenPhish at the time of writing. The absence of detections highlights the sophistication of the campaign, which relies on short-lived infrastructure to evade detection. The current status of this campaign is active, with no immediate takedown or blocklist intervention observed. PhishDestroy recommends immediate blocking of the domain ligjre-livelogiin.pages.dev at the network level, alongside the associated IP 188.114.97.3, to prevent further victimization. Users should exercise extreme caution when encountering links or advertisements claiming to offer LiveLogiIn services, especially those involving cryptocurrency transactions. Remaining risk is assessed as high due to the domain's active status, lack of detections, and potential for rapid expansion to other platforms or services. Continuous monitoring and proactive threat hunting are advised to mitigate the impact of this and similar campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ligjre-livelogiin.pages.dev - PhishDestroy: https://phishdestroy.io/domain/ligjre-livelogiin.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ligjre-livelogiin.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ligjre-livelogiin.pages.dev/ Last updated: 2026-04-04