# engs-ledgerf.pages.dev — MALICIOUS

> engs-ledgerf.pages.dev is a crypto drainer site flagged by 13 of 95 VirusTotal vendors. Immediate avoidance recommended. Check the full report.

## Summary

engs-ledgerf.pages.dev is an active crypto drainer site currently distributing malicious payloads to unsuspecting users. The domain is flagged as a cryptocurrency drainer, a specialized form of phishing designed to steal digital assets by tricking users into connecting their wallets to fraudulent smart contracts or transaction interfaces. The threat is confirmed active and poses an elevated risk to visitors, particularly those in the cryptocurrency and DeFi communities who may be targeted through impersonation of legitimate financial platforms or services.

PhishDestroy identifies that engs-ledgerf.pages.dev has been flagged by 13 of 95 VirusTotal security vendors, indicating significant malicious reputation across multiple detection engines. The domain is registered through Cloudflare, Inc., a common privacy-focused registrar used to obscure ownership details, and resolves to IP address 188.114.97.3, which is associated with malicious hosting infrastructure. The SSL certificate is issued by Google Trust Services, which does not imply trustworthiness of the site itself but enables encrypted malicious traffic. While the exact domain creation date is not provided, the combination of high VirusTotal detection rate, active status, and cryptocurrency-focused malicious intent strongly suggests recent deployment as part of a coordinated phishing campaign targeting digital asset users.

The current status of engs-ledgerf.pages.dev remains active, with ongoing distribution likely through social engineering tactics such as fake airdrop announcements, impersonated wallet interfaces, or fraudulent transaction portals. Users are strongly advised to avoid visiting this domain entirely.
If you have recently visited this site or interacted with it, disconnect your wallet immediately, revoke any unauthorized contract permissions via tools like revoke.cash, and scan your device for malware. Organizations and security teams should block this domain and IP at the network level to prevent further exposure. Continuous monitoring for new variants or related domains is recommended due to the evolving nature of crypto drainer campaigns.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9242cbbf-a8a8-46d3-959a-a1547df99fd8
- PhishDestroy: https://phishdestroy.io/domain/engs-ledgerf.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/engs-ledgerf.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/engs-ledgerf.pages.dev/

Last updated: 2026-03-21