# live-eng-legr.pages.dev — SUSPICIOUS

> live-eng-legr.pages.dev linked to a crypto drainer kit dropping 0/95 on VirusTotal. Immediate analysis advised. Check the full report.

## Summary
live-eng-legr.pages.dev has been identified by PhishDestroy as a crypto-currency drainer domain actively hosting phishing content. The site masquerades under the guise of a live engagement portal, likely targeting cryptocurrency users or investors through deceptive prompts to connect wallets or enter private keys. No specific brand or service affiliation has been confirmed; however, the drainer kit appears to be a generic implementation designed to siphon digital assets upon interaction. The infrastructure suggests an opportunistic campaign rather than a targeted brand impersonation, with attacker focus on evasion and rapid deployment.

Technical indicators for this domain reveal a concerning lack of detection at present, with VirusTotal showing 0 out of 95 engines flagging the domain. The site resolves to IP 188.114.97.3, hosted via Cloudflare, Inc., with a Google Trust Services SSL certificate issued for domain validation. The domain was registered through Cloudflare and is currently under investigation with no confirmed creation date available in public records. Google Safe Browsing (GSB) has not yet blacklisted this domain, and no current blocklist presence is documented. The combination of low detection, reputable hosting, and encrypted communication presents a stealthy attack vector highly likely to evade casual scrutiny.

As of this advisory, the domain remains active and under investigation, with no official block or takedown action recorded. PhishDestroy recommends immediate network and endpoint blocking of 188.114.97.3 and live-eng-legr.pages.dev to prevent user exposure. Security teams are advised to monitor for outbound connections to this IP and inspect DNS logs for resolution attempts. The risk level is currently classified as under_investigation but is assessed as high due to the drainer kit functionality and absence of detection. Users should avoid interacting with any links or content associated with this domain until definitive mitigations are in place.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5bb83673-b2b4-4715-b95b-857118a12d2f
- PhishDestroy: https://phishdestroy.io/domain/live-eng-legr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-eng-legr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-eng-legr.pages.dev/
Last updated: 2026-03-22