# eng-ledgeiri.pages.dev — SUSPICIOUS

> Domain eng-ledgeiri.pages.dev hosted on Cloudflare operates a crypto drainer impersonating Ledger wallet users.

## Summary
PhishDestroy identifies active crypto draining operations at eng-ledgeiri.pages.dev, currently operating under investigation status with 0 confirmed detections. This Pages.dev subdomain delivers a fake Ledger wallet interface designed to exfiltrate private keys and drain crypto holdings after the victim authenticates. The campaign is live and propagating through social engineering vectors targeting cryptocurrency users.


The domain was flagged by 0 of 95 VirusTotal security vendors, indicating recent deployment and evasion of signature-based detection. Registered through Cloudflare, Inc., the domain resolves to IP 188.114.96.3 and is protected by a Google Trust Services SSL certificate. The Pages.dev namespace provides inherent credibility masking, while the lack of blocklist presence (0/35 public threat feeds at time of writing) suggests either high recency or active evasion of known IOCs. The SSL certificate issued by Google Trust Services further enhances legitimacy when accessed via HTTPS, increasing user trust and lowering suspicion during credential or crypto wallet entry.


This domain remains active and poses immediate risk to cryptocurrency holders. Users are advised not to interact with eng-ledgeiri.pages.dev under any circumstances. All links referencing this domain should be treated as malicious until independently verified on PhishDestroy. If you received a message containing this domain, do not click any embedded links or enter sensitive information. Report the encounter immediately through PhishDestroy's submission portal for community and vendor alerting. Monitor wallet addresses used in prior transactions for signs of unauthorized transfers, as this campaign likely harvests private keys for subsequent asset exfiltration.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/708f7b64-8d51-41fc-8173-b409deecca84
- PhishDestroy: https://phishdestroy.io/domain/eng-ledgeiri.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-ledgeiri.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng-ledgeiri.pages.dev/
Last updated: 2026-03-29