# live-ledgers-live.pages.dev — SUSPICIOUS

> live-ledgers-live.pages.dev is a crypto drainer scam hosted on Cloudflare Pages. Resolves to 172.66.46.

## Summary

PhishDestroy identifies live-ledgers-live.pages.dev as an active crypto drainer campaign under investigation by threat intelligence teams. The domain leverages Cloudflare Pages for hosting and resolves to IP 172.66.46.221, with a Google Trust Services SSL certificate providing a veneer of legitimacy. As of current checks, VirusTotal reports 0 detections out of 95 engines, indicating this malicious infrastructure remains under the radar of most antivirus solutions. The absence of detections, combined with the use of a reputable CDN and SSL provider, suggests this campaign is designed to evade early-stage detection while targeting cryptocurrency users through deceptive wallet connection prompts.

This domain was flagged for its association with crypto drainer activity, a rapidly growing threat where threat actors trick victims into connecting their wallets to fraudulent dApps or websites. The infrastructure relies on Cloudflare Pages for rapid deployment and evasion of traditional takedown mechanisms, while the Google Trust Services certificate (a common choice for phishing campaigns due to broad trust chains) further obfuscates malicious intent. The IP address 172.66.46.221 is part of Cloudflare’s infrastructure, which complicates direct IP-based blocking due to the shared nature of the service. At present, no known blocklists or threat intelligence feeds have flagged this domain, contributing to its low detection score. The campaign’s seed identifier (f53e65) suggests it may be part of a larger, coordinated operation, though further analysis is required to confirm attribution or infrastructure overlap with other active drainer campaigns.

To mitigate risk, users must treat all unsolicited wallet connection requests with extreme caution.
Never connect your wallet to unfamiliar dApps, websites, or links, even if they appear legitimate. Use hardware wallets for critical assets and enable transaction simulation tools to preview outgoing transactions before approval. Organizations should deploy advanced threat intelligence feeds that monitor for crypto drainer domains and implement DNS filtering to block known malicious infrastructure. Report suspicious domains to threat intelligence platforms like PhishDestroy to aid in early detection and disruption of these campaigns. Exercise heightened vigilance in cryptocurrency-related communications, as crypto drainers often masquerade as legitimate services (e.g., wallets, exchanges, or NFT platforms) to trick victims into authorizing malicious transactions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.221

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/live-ledgers-live.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/live-ledgers-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ledgers-live.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/live-ledgers-live.pages.dev/

Last updated: 2026-04-02