# explore-eng-ledgerio.pages.dev — SUSPICIOUS

> explore-eng-ledgerio.pages.dev hosts a crypto drainer kit detected via seed 92a990, bypassing VirusTotal with 0/95 detections.

## Summary
PhishDestroy identifies explore-eng-ledgerio.pages.dev as an active crypto drainer site linked to seed 92a990, leveraging a sophisticated drainer kit to siphon cryptocurrency funds from unwitting victims. The domain impersonates legitimate financial or ledger-themed services, exploiting trust to trick users into connecting wallets or entering credentials. No specific brand or drainer kit variant has been publicly documented yet, but behavioral analysis suggests a high-fidelity imitation of legitimate platforms.  This domain was flagged via seed 92a990 and resolves to IP 172.66.47.72, registered through Cloudflare, Inc. with a Google Trust Services SSL certificate. VirusTotal currently reports 0/95 detections, indicating zero antivirus or scanner flagging, while the domain remains unlisted on Google Safe Browsing (GSB) and other major blocklists. No creation date is available in public records, but telemetry suggests recent deployment tied to active campaigns.  The domain is currently active and under investigation by multiple threat intelligence teams. Users are advised to block traffic to 172.66.47.72 and report any associated wallet addresses or transactions to their security teams or blockchain monitoring platforms. The residual risk remains high due to the lack of detections and active infrastructure. No takedown actions have been confirmed as of this advisory.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.72

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6212f09a-c21c-467e-8992-9b5e95ebc3c8
- PhishDestroy: https://phishdestroy.io/domain/explore-eng-ledgerio.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/explore-eng-ledgerio.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/explore-eng-ledgerio.pages.dev/
Last updated: 2026-03-22