# portal-live-ledgr-en-us.pages.dev — SUSPICIOUS

> portal-live-ledgr-en-us.pages.dev hosts a Google Trust Services SSL crypto drainer; 4/95 VirusTotal detections. Verify via PhishDestroy before interacting.

## Summary
PhishDestroy identifies portal-live-ledgr-en-us.pages.dev as an active cryptocurrency drainer site operating under a fraudulent Google Trust Services SSL certificate. The threat is categorized as a generic phishing attack specifically designed to intercept and drain digital assets from unsuspecting users. This domain does not impersonate a known brand outright but mimics the infrastructure and appearance of legitimate platforms, leveraging Cloudflare hosting to obscure its origins. The drainer kit likely employs JavaScript-based wallet drainers or clipboard hijackers to siphon funds from connected crypto wallets or transaction inputs.


Technical indicators for portal-live-ledgr-en-us.pages.dev reveal a VirusTotal detection score of 4/95 security vendors, indicating low but present risk awareness among scanning engines. The domain is registered through Cloudflare, Inc., with a resolved IP address of 172.66.47.166. The SSL certificate is issued by Google Trust Services, a tactic frequently abused by threat actors to lend false credibility to fraudulent sites. While the exact creation date is not provided, the presence of a Cloudflare Pages deployment suggests recent establishment. Google Safe Browsing (GSB) has flagged this domain, and it appears on at least one blocklist, though the precise count varies by feed. The combination of Cloudflare hosting, a Google-issued SSL certificate, and partial detection coverage highlights the sophisticated evasion techniques employed by this campaign.


The domain remains active at the time of this report, with no evidence of takedown by hosting providers or certificate authorities. PhishDestroy's forensic analysis confirms the elevated risk due to the drainer functionality and SSL abuse. Users are strongly advised to avoid interacting with this domain or any pages linked from it. Immediate actions include blocking the IP 172.66.47.166 and domain at network and endpoint levels. The remaining risk is assessed as elevated due to the domain's active status, partial detection coverage, and use of reputable infrastructure providers. Continuous monitoring is recommended to detect any shifts in hosting or certificate usage. Organizations should update blocklists with this domain and IP to prevent accidental exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.166

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/portal-live-ledgr-en-us.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/portal-live-ledgr-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/portal-live-ledgr-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portal-live-ledgr-en-us.pages.dev/
Last updated: 2026-04-02