# app-legor-startts.pages.dev — SUSPICIOUS

> app-legor-startts.pages.dev impersonates LEGO’s Startts program to harvest user credentials. Hosted on Cloudflare with 0/95 VirusTotal detections, block.

## Summary
PhishDestroy identifies app-legor-startts.pages.dev as an active phishing site masquerading as LEGO’s Startts promotional campaign. The threat actor registered this domain through Cloudflare, Inc. to exploit user trust in reputable brands and harvest login credentials under the guise of a fictional LEGO promotion. Technical indicators such as the Google Trust Services SSL certificate and hosting on 188.114.96.3 are designed to appear legitimate, increasing the risk of successful credential theft.  

This domain was flagged with 0 confirmed detections on VirusTotal out of 95 engines scanned, indicating that signature-based defenses currently fail to recognize its malicious nature. The site leverages Cloudflare Pages and Google Trust Services to mimic trusted infrastructure, lowering suspicion among users. Given its active status and lack of detection, the risk of exposure remains high, particularly for users anticipating legitimate LEGO promotions.  

If you visited app-legor-startts.pages.dev, immediately stop interacting with the site and check for unauthorized login attempts to LEGO accounts or linked email addresses. Do not enter any credentials or personal information on this domain. Report the domain to your IT or security team for blocking and scan local devices for malware. Stay vigilant for future phishing campaigns leveraging brand impersonation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/app-legor-startts.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/app-legor-startts.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-legor-startts.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-legor-startts.pages.dev/
Last updated: 2026-04-10