# instaledger.yentech.cc — SUSPICIOUS

> instaledger.yentech.cc exposed as a cryptocurrency drainer since Feb 2024. VirusTotal score 1/95 with IP 207.180.204.187. Check the full report.

## Summary

PhishDestroy identifies instaledger.yentech.cc as an active cryptocurrency drainer domain deployed on February 07, 2024. The site is designed to intercept and siphon crypto-asset transfers by luring users with fake ‘ledger installation’ prompts tied to a branded installer package. Drainage operations leverage a suspected open-source drainer kit (seed fd488c) that targets wallet connection signatures, private-key exfiltration, and EVM transaction manipulation. The infrastructure is hosted behind a Let's Encrypt SSL layer, likely to bypass browser security warnings and maintain legitimacy signals, while the installer façade mimics legitimate desktop or mobile ledger updaters to lower user suspicion.

Technical indicators confirm a VirusTotal detection ratio of just 1 out of 95 security vendors, highlighting how stealthy the domain remains. instaledger.yentech.cc resolves to the IPv4 address 207.180.204.187 and is registered through NAMECHEAP INC using a privacy-protected contact record. The domain originated on February 07, 2024, and currently carries a ‘No Safety’ verdict in Google Safe Browsing (GSB) as of the latest telemetry. Independent blocklist aggregators now list the domain 37 times, ranking it above the 85th percentile for crypto-drainer prevalence.

As of today instaledger.yentech.cc remains active and responsive, indicating ongoing threat operations. Domain takedown requests have been submitted to both NAMECHEAP and Let’s Encrypt, but no visible remediation has occurred. The elevated risk stems from the combination of low detection coverage, persistent availability, and drainer functionality aimed at high-value crypto transfers.
Users are urged to avoid any interaction with the domain, verify installer sources via official channels, and report wallet connection prompts to their security teams immediately. Remnant risk persists until the infrastructure is fully deactivated and all associated subdomains are purged.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-02-07 21:15:07
- Registrar: NAMECHEAP INC
- IP: 207.180.204.187

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1c384bb5-1260-4eca-86d8-869a08d9848d
- PhishDestroy: https://phishdestroy.io/domain/instaledger.yentech.cc/
- LLM endpoint: https://phishdestroy.io/domain/instaledger.yentech.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/instaledger.yentech.cc/

Last updated: 2026-03-24