# start-leger-live-en.pages.dev — SUSPICIOUS

> PhishDestroy identifies start-leger-live-en.pages.dev as a malicious 'crypto wallet drainer' domain hosted on Cloudflare. VT score 0/95, resolving to 188.114.97.

## Summary
PhishDestroy identifies the domain start-leger-live-en.pages.dev as an active generic phishing campaign leveraging a cryptocurrency wallet drainer kit. The domain mimics legitimate financial or legal services to deceive users into connecting wallets or submitting seed phrases. This campaign does not target a single brand but employs a generic approach to capture crypto assets across multiple platforms. The drainer kit is designed to drain funds from connected wallets upon user interaction, such as clicking a malicious link or approving a fraudulent transaction.  

This domain was flagged through Cloudflare Pages, registered via Cloudflare, Inc., and resolves to IP address 188.114.97.3. The domain currently holds a VirusTotal detection score of 0/95, indicating it has evaded automated detection systems. It utilizes a Google Trust Services SSL certificate, adding a false sense of legitimacy. The domain is newly registered and remains unlisted on major blocklists, including Google Safe Browsing (GSB). The lack of detections and blocklist entries suggests this campaign is in its early stages, with threat actors actively testing its effectiveness.  

The campaign is classified as active with a risk level under investigation, meaning further analysis is required to determine its full scope and potential impact. PhishDestroy recommends immediate caution: users should avoid interacting with this domain, verify any financial or legal communications through official channels, and report the domain to security teams or platforms like VirusTotal. While the current risk is elevated due to the drainer kit's presence, the lack of detections and blocklist entries means proactive measures are essential to prevent victimization. Remaining risk includes potential expansion to other domains or platforms, as threat actors refine their tactics.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8be8c1d0-4f08-4258-a9f4-c9975d8e81a1
- PhishDestroy: https://phishdestroy.io/domain/start-leger-live-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-leger-live-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-leger-live-en.pages.dev/
Last updated: 2026-03-30