# eng-ldgerlogn-get.pages.dev — SUSPICIOUS

> eng-ldgerlogn-get.pages.dev, a suspected crypto drainer phishing domain, resolved to 188.114.96.3. It mimics Ledger login pages to trick users into revealing.

## Summary

PhishDestroy analysts identified eng-ldgerlogn-get.pages.dev as a live crypto-asset drainer phishing domain under active investigation for generic phishing tactics. This subdomain mimics legitimate Ledger wallet branding, using forged login interfaces to harvest user seed phrases and private keys, then draining assets to attacker-controlled wallets. Drainers frequently employ JavaScript obfuscation and real-time form validation to bypass traditional security controls, making user vigilance and client-side detection critical.

This domain was registered via Cloudflare on behalf of an unknown actor. VirusTotal currently shows 0/95 security vendor detections against a fresh submission of the domain, with no historical detections. It resolves to IP 188.114.96.3 (Cloudflare ASN 13335), secured by a Google Trust Services SSL certificate. The SSL certificate validity period spans 2024-07-18 to 2025-08-16, indicating recent provisioning and suggesting active campaign deployment. Google Safe Browsing (GSB) status remains unlisted as of the current evaluation window, and public blocklist enumeration shows zero third-party inclusion records at the time of analysis.

Current status is marked active under ongoing investigation; risk level is under_investigation, implying dynamic attribution and evolving payload analysis. No takedown actions have been publicly recorded, and the domain remains accessible via standard HTTP/HTTPS requests.

Users are advised to block 188.114.96.3 at the network perimeter and inspect DNS resolution for eng-ldgerlogn-get.pages.dev. If exposed, users should immediately revoke all API keys, rotate wallet addresses, and perform a full device wipe.
Remaining risk is moderate-to-high due to unpatched user trust in lookalike subdomains and the absence of real-time browser-based blocking.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/eng-ldgerlogn-get.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/eng-ldgerlogn-get.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-ldgerlogn-get.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/eng-ldgerlogn-get.pages.dev/

Last updated: 2026-04-05