# leger-start-login.pages.dev — SUSPICIOUS

> leger-start-login.pages.dev is a credential theft site flagged by 2/95 VirusTotal vendors. Google Trust Services SSL backs this active phishing page.

## Summary
PhishDestroy identifies leger-start-login.pages.dev as an active credential theft page impersonating a login interface. The domain carries no known brand impersonation or crypto drainer kit in observed payloads.


Technical indicators show VirusTotal detection at 2/95, Cloudflare registration, and IP 172.66.45.18. The domain uses a Google Trust Services SSL certificate with no blocklist records present at time of analysis.


This domain remains active with elevated risk. Immediate blocking of the domain and IP is advised. Monitoring for re-emergence on alternative infrastructure is recommended due to persistent threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.18

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/53b4915a-e9b0-49fd-807d-eb1785e5db02
- PhishDestroy: https://phishdestroy.io/domain/leger-start-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/leger-start-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/leger-start-login.pages.dev/
Last updated: 2026-03-21