# qfs-ledgerweb3.com — SUSPICIOUS > qfs-ledgerweb3.com is a crypto drainer with 0/95 detections. Block this crypto-stealing phishing site and protect your digital assets now. ## Summary Under active investigation, the domain qfs-ledgerweb3.com is currently flagged as a crypto drainer, a type of malicious site designed to siphon cryptocurrency from unsuspecting users. The threat level remains classified as under investigation, but the domain’s recent activity and evasion of detection highlight a critical risk to cryptocurrency holders. The site mimics legitimate Web3 platforms, luring victims into connecting their wallets and unknowingly authorizing fraudulent transactions. PhishDestroy, MetaMask, and SEAL have already blocked this domain, though VirusTotal currently shows 0 out of 95 detections. Registered through TuringSign Inc. d/b/a Cosmotown on March 31, 2026, the domain resolves to IP address 213.130.145.244. It has also been flagged on three separate security blocklists, further corroborating its malicious nature. The use of a Let’s Encrypt SSL certificate adds a misleading veneer of legitimacy, while the domain’s recent creation suggests an opportunistic campaign targeting emerging trends in decentralized finance. This domain’s behavior aligns with known crypto drainer tactics, including deceptive UI, fake transaction prompts, and rapid fund exfiltration. Given the absence of traditional AV detection, users must rely on proactive defenses such as wallet filters, transaction simulation tools, and manual verification of URLs. Never connect wallets to unfamiliar sites, and always cross-check domains against reputable blocklists. Organizations should deploy network-level protections to block this IP and monitor for similar domains registered by the same registrar. Immediate action is required to mitigate exposure, as this threat is actively evolving and may expand beyond its current infrastructure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-31 11:06:05 - Registrar: TuringSign Inc. d/b/a Cosmotown - IP: 213.130.145.244 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["PhishDestroy", "MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e56e9500-44bd-4aaa-b193-177dc08fb359 - PhishDestroy: https://phishdestroy.io/domain/qfs-ledgerweb3.com/ - LLM endpoint: https://phishdestroy.io/domain/qfs-ledgerweb3.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/qfs-ledgerweb3.com/ Last updated: 2026-03-31