# legr-desktop-io.pages.dev — SUSPICIOUS

> legr-desktop-io.pages.dev is a crypto drainer posing as a legitimate service with 0/95 VirusTotal detections. Avoid interacting to prevent fund theft.

## Summary

PhishDestroy identifies legr-desktop-io.pages.dev as an active crypto drainer impersonating a desktop application service. This domain is currently under investigation but exhibits high-risk behaviors, including the deployment of drainer scripts designed to steal cryptocurrency from unsuspecting victims. While the threat level is marked as 'under_investigation,' the absence of detections on VirusTotal (0/95) does not guarantee safety, as drainers often evolve to evade detection. Users should exercise extreme caution when encountering this domain, particularly in contexts involving cryptocurrency transactions or downloads.

This domain resolves to IP 188.114.97.3 and operates under Google Trust Services' SSL certificate, which may be misused to appear legitimate. Registered through Cloudflare, Inc., the domain’s infrastructure benefits from Cloudflare’s widespread use, potentially complicating takedown efforts. Notably, VirusTotal’s current assessment shows 0/95 detections, indicating that security tools have not yet flagged this domain as malicious. The lack of detections underscores the evolving nature of crypto drainers, which frequently employ obfuscation techniques to bypass early-stage analysis. While no specific blocklists or trust scores are publicly documented, the combination of a fresh domain, high-risk indicators, and no detections warrants elevated scrutiny.

Mitigation for this crypto drainer threat involves multiple layers of defense. First, avoid downloading any software or files from legr-desktop-io.pages.dev, as drainers often masquerade as legitimate applications or updates. Second, verify the legitimacy of any cryptocurrency-related service by cross-checking official websites, app stores, or trusted community sources. Enable multi-factor authentication (MFA) on all crypto wallets and use hardware wallets for large holdings to minimize exposure. If you have already interacted with this domain—such as entering wallet credentials or transferring funds—immediately revoke any connected permissions, transfer assets to a secure wallet, and scan your devices for malware. Report the domain to security platforms like VirusTotal, PhishDestroy, or your local cybercrime unit to aid in its identification and shutdown. Stay vigilant, as crypto drainers often exploit urgency or FOMO (fear of missing out) to trick users into hasty, irreversible actions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6844307b-5fb5-413f-927c-e5e8244697b9
- PhishDestroy: https://phishdestroy.io/domain/legr-desktop-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/legr-desktop-io.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/legr-desktop-io.pages.dev/

Last updated: 2026-04-12