# ledje-r-com-str.pages.dev — SUSPICIOUS > ledje-r-com-str.pages.dev is hosting a credential phishing page mimicking login portals. VirusTotal detection rate is 1/95 vendors. Check the full report. ## Summary PhishDestroy identifies an active credential harvesting campaign hosted on ledje-r-com-str.pages.dev, a Google Pages site leveraging Cloudflare infrastructure. This domain resolves to IP 188.114.97.3 and employs a Google Trust Services SSL certificate to appear legitimate. The threat actor impersonates a login portal, likely targeting users with deceptive emails, fake notifications, or malicious redirects. Security researchers first flagged this domain on 2024-05-13, and as of this report, it remains active and unblocked by most perimeter defenses. This domain poses an elevated phishing risk due to its combination of trusted infrastructure (Cloudflare, Google Trust Services) and low detection rate. VirusTotal analysis reveals only 1 out of 95 security vendors has flagged this domain, leaving most automated defenses blind to the threat. Cloudflare, Inc. serves as the registrar and hosting provider via its Pages platform, which attackers exploit to rapidly deploy spoofed login interfaces. The domain’s age (2 months active) suggests opportunistic targeting rather than long-term infrastructure. Despite its lack of outright blocking, the domain’s recent creation and low detection rate indicate a threat actor leveraging fresh infrastructure to avoid historical reputation checks. Users who visited ledje-r-com-str.pages.dev should assume their credentials may have been compromised. Immediately change passwords for any accounts associated with this domain’s perceived service (e.g., if it mimics a banking, email, or corporate portal). Enable multi-factor authentication wherever possible and review account activity for signs of unauthorized access. Report the domain to your IT/security team and block it at the network level if feasible. Use a password manager to avoid manually entering credentials on unfamiliar sites, as this reduces the risk of exposing information to hidden input capture mechanisms. Avoid clicking links from unsolicited emails or messages—navigate directly to known-good portals to verify legitimacy. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d692f8ad-a3e0-4cfa-b630-05b9bfcdc6f3 - PhishDestroy: https://phishdestroy.io/domain/ledje-r-com-str.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ledje-r-com-str.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledje-r-com-str.pages.dev/ Last updated: 2026-03-22