# start-le-dgor-io.pages.dev — SUSPICIOUS

> Domain start-le-dgor-io.pages.dev hosts an active crypto drainer phishing campaign. Flagged by 0 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies the domain start-le-dgor-io.pages.dev as hosting an active crypto drainer phishing campaign. This threat is currently classified as generic_phishing with a risk level marked as under_investigation. The domain is not associated with any known brand impersonation at this time. The campaign status remains active, and further investigation is ongoing to determine the full scope of the operation, including potential targeting of cryptocurrency users or wallets.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating that it has not yet been widely recognized as malicious by security vendors. It is registered through Cloudflare, Inc., with a resolution to IP address 172.66.45.29. The domain uses a Google Trust Services SSL certificate, which may be leveraged to appear legitimate. The current status of blocklist inclusion is unknown, but the lack of detections suggests it has not yet been widely blacklisted. The domain appears to be recently created, though the exact creation date is not provided in available intelligence. Trust scores and additional reputation metrics remain unverified due to the low detection rate.

The current status of the campaign is active, and the risk to potential victims remains significant due to the nature of crypto drainers, which are designed to siphon cryptocurrency assets from unwitting users. PhishDestroy recommends that users avoid interacting with this domain entirely, including refraining from clicking any links or downloading any files associated with it. Organizations should consider blocking this domain at the network perimeter using DNS filtering or firewall rules. Additionally, users should be alerted to the presence of this domain, particularly those involved in cryptocurrency transactions. Further investigation is required to determine if additional infrastructure is associated with this campaign and to assess the full extent of its operations.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.29

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/902ef2c7-9d89-4fbd-9602-4a488b88d859
- PhishDestroy: https://phishdestroy.io/domain/start-le-dgor-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-le-dgor-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-le-dgor-io.pages.dev/
Last updated: 2026-03-22