# page-linkedin-sales-nav-export.pages.dev — SUSPICIOUS > PhishDestroy flags page-linkedin-sales-nav-export.pages.dev as a crypto drainer. This Cloudflare site mimics LinkedIn Sales Navigator exports. ## Summary PhishDestroy identifies the active domain page-linkedin-sales-nav-export.pages.dev as a generic phishing page impersonating LinkedIn Sales Navigator export functionality to harvest credentials and drain crypto wallets. The campaign is currently marked as active and under investigation as a high-risk crypto-drainer operation. This domain was flagged by 0 of 95 VirusTotal vendors, registered through Cloudflare, Inc., resolves to IP 172.66.44.109, and holds a valid SSL certificate issued by Google Trust Services. The domain is a Cloudflare Pages site, indicating rapid deployment via Cloudflare’s platform with minimal friction for threat actors. Despite zero detections on VirusTotal and no listings on major blocklists, the absence of flags is not indicative of legitimacy but rather reflects the domain’s recent creation and the evasiveness of crypto-drainer toolkits that avoid traditional signature-based detection. While the campaign remains under investigation, users should treat this domain as malicious. PhishDestroy strongly recommends blocking page-linkedin-sales-nav-export.pages.dev at the network level and instructing users to verify any LinkedIn Sales Navigator-related exports through official LinkedIn channels only. Avoid accessing this domain or entering credentials; report suspicious activity immediately. The use of Cloudflare Pages and Google-trusted SSLs highlights the need for behavioral and reputation-based detection beyond static analysis. Enhanced monitoring for related domains and IPs is advised due to the likely expansion of this campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.109 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fb6d4b88-2fa2-4beb-bc6f-4640e502b494 - PhishDestroy: https://phishdestroy.io/domain/page-linkedin-sales-nav-export.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/page-linkedin-sales-nav-export.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/page-linkedin-sales-nav-export.pages.dev/ Last updated: 2026-03-28