# en-us-live-legru.pages.dev — SUSPICIOUS

> PhishDestroy identifies en-us-live-legru.pages.dev as an active brand impersonation phishing domain with 0/95 VirusTotal detections. Action: Block and report.

## Summary
PhishDestroy identifies en-us-live-legru.pages.dev as a brand impersonation phishing domain impersonating a major technology brand in the United States. The domain leverages a deceptive subdomain structure (en-us-live-legru) to mimic official regional or live support pages, a common tactic in credential theft campaigns. No evidence of a crypto drainer kit has been observed at this stage, though the infrastructure remains under active analysis for additional malicious components.  This domain was flagged on [redacted] and shows a clean VirusTotal score of 0/95 detections as of the latest scan, indicating it has evaded current signature-based detection. It is registered through Cloudflare, Inc., resolving to IP 188.114.97.3, and secured with a Google Trust Services SSL certificate. The domain was created recently and remains unblocked by Google Safe Browsing (GSB status: under review), with no confirmed entries in major threat intelligence blocklists at this time.  The domain is currently ACTIVE and under investigation by PhishDestroy’s anti-phishing team. Immediate response actions include threat intelligence sharing with domain registrars and hosting providers, and coordination with brand owners for domain takedown via Cloudflare abuse channels. While the current risk level is marked as under_investigation, users are advised to treat this domain as HIGH RISK until confirmed safe. PhishDestroy recommends blocking the domain at the network perimeter and updating browser blacklists to prevent access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/en-us-live-legru.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/en-us-live-legru.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-live-legru.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-us-live-legru.pages.dev/
Last updated: 2026-04-05