# en-lgor-live.pages.dev — SUSPICIOUS > PhishDestroy identifies en-lgor-live.pages.dev as a crypto drainer phishing site with 0/95 VirusTotal detections. Verify URLs before clicking to avoid theft. ## Summary PhishDestroy identifies the domain en-lgor-live.pages.dev as a generic phishing page currently under investigation for potential crypto drainer activity. This domain does not explicitly impersonate a specific brand but exhibits characteristics consistent with credential harvesting or cryptocurrency wallet theft infrastructure. The threat type remains classified as generic due to limited behavioral telemetry; however, the use of a Cloudflare Pages subdomain (pages.dev) suggests an attempt to leverage trusted hosting providers to evade traditional detection mechanisms. No specific drainer kit signatures have been publicly documented for this domain at this time, but the infrastructure alignment with known phishing toolkases remains under scrutiny as part of ongoing analysis. This domain resolves to IP address 172.66.44.115 and is registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate—attributes commonly exploited to lend false legitimacy to phishing portals. As of the latest scan, the domain shows 0 detections out of 95 engines on VirusTotal, indicating it has not yet been widely flagged in global threat intelligence feeds. While the SSL certificate suggests recent issuance (typical of short-lived phishing domains), the registration date and broader blocklist status remain unverified due to the domain’s low profile. The absence of detections, despite active hosting, highlights the evasive nature of this threat and the need for proactive user verification. Currently, the domain remains active and under investigation with a status classified as under_investigation and a risk level of under_investigation. PhishDestroy has flagged this domain as active and is conducting further behavioral analysis to determine its full operational scope, including potential payload delivery mechanisms and target audience. Users are strongly advised to avoid interacting with en-lgor-live.pages.dev and to report any related incidents through PhishDestroy’s verification portal. While the immediate risk is not quantified due to ongoing assessment, the use of trusted infrastructure and lack of detections suggest a high potential for future victimization. Remain vigilant and verify all URLs before entering credentials or cryptocurrency wallet information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.115 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4cadafdc-b531-4d80-bf81-cae4fc87fcfd - PhishDestroy: https://phishdestroy.io/domain/en-lgor-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/en-lgor-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-lgor-live.pages.dev/ Last updated: 2026-03-31