# legr-start-io.pages.dev — SUSPICIOUS

> PhishDestroy identifies legr-start-io.pages.dev as a crypto drainer phishing site with 4/95 VirusTotal detections. Avoid entering wallet details here.

## Summary
PhishDestroy has flagged legr-start-io.pages.dev as a crypto drainer phishing domain, designed to trick visitors into connecting cryptocurrency wallets and stealing digital assets. This site mimics legitimate services to deceive users into approving malicious transactions that drain their crypto holdings. The threat is elevated due to its active configuration and the presence of a Google Trust Services SSL certificate, which can lend false credibility to unsuspecting visitors.  This domain was flagged by PhishDestroy with the unique seed identifier 94fd6d. It resolves to the IP address 188.114.97.3 and is registered through Cloudflare, Inc. Security vendor analysis via VirusTotal indicates that 4 out of 95 security tools have detected this domain as malicious, highlighting a moderate but concerning detection rate. The domain uses a Pages.dev subdomain, often leveraged by threat actors to host fraudulent content under the guise of legitimate platforms like Cloudflare Pages.  If you visited legr-start-io.pages.dev, immediately disconnect your cryptocurrency wallet from the site and revoke any unauthorized permissions via your wallet’s settings. Do not enter any private keys, seed phrases, or wallet credentials. Scan your device for malware using reputable security software and consider transferring remaining assets to a secure, offline wallet. Report the domain to your wallet provider and relevant cybersecurity authorities to help prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cbf44a4e-fd11-4815-a1b6-b11feea4ef84
- PhishDestroy: https://phishdestroy.io/domain/legr-start-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/legr-start-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/legr-start-io.pages.dev/
Last updated: 2026-03-22