# sub-start-legerr.pages.dev — SUSPICIOUS

> PhishDestroy flags sub-start-legerr.pages.dev as an active crypto drainer with 0/95 VirusTotal detections. Block immediately to safeguard crypto assets.

## Summary
PhishDestroy identifies sub-start-legerr.pages.dev as an active crypto drainer under investigation, posing a high risk to cryptocurrency users. The domain mimics legitimate services to deceive victims into approving malicious wallet transactions, leading to asset theft. Cloudflare infrastructure hosting the site and zero VirusTotal detections indicate an evasive threat still in early propagation.

This domain was flagged with a generic phishing threat type. VirusTotal analysis shows 0/95 security engines flagged the URL as malicious (seed a52ed6). The domain is registered through Cloudflare, Inc., resolving to IP 172.66.44.166 via Google Trust Services SSL certificates. Additional indicators include an unverified trust score and absence from major blocklists at the time of review, suggesting a recently activated campaign.

Mitigation requires immediate blocking of the domain and IP to prevent wallet connection requests. Users should revoke any unwarranted crypto approvals via blockchain explorers like Etherscan. Organizations should deploy DNS filtering to block *.pages.dev subdomains and monitor for similar crypto drainer signatures. Report the domain to abuse@cloudflare.com with full context to accelerate takedown.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.166

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/83fef953-df39-415f-92df-ba0ef56e556e
- PhishDestroy: https://phishdestroy.io/domain/sub-start-legerr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sub-start-legerr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sub-start-legerr.pages.dev/
Last updated: 2026-04-12