# legr-en-us.pages.dev — SUSPICIOUS

> legr-en-us.pages.dev is flagged for credential harvesting with 1/95 VirusTotal detections. Users should avoid entering any personal data on this domain to.

## Summary
PhishDestroy identifies legr-en-us.pages.dev as an active credential harvesting domain leveraging Cloudflare Pages to impersonate legitimate services. The domain employs generic_phishing tactics to deceive users into submitting sensitive credentials, likely targeting unsuspecting victims through social engineering or malvertising campaigns. No specific brand impersonation or drainer kit payload was observed in available telemetry, but the infrastructure suggests opportunistic credential theft operations.  This domain was flagged with a VirusTotal detection score of 1 out of 95 security vendors as of the latest scan. It is registered through Cloudflare, Inc., resolving to IP address 172.66.47.126, and secured with a Google Trust Services SSL certificate. The domain is part of Cloudflare Pages, a legitimate platform often abused for phishing due to its free hosting and rapid deployment capabilities. While the exact creation date remains unverified, the domain's active status and low detection rate indicate a recently deployed threat infrastructure.  The domain remains active with an elevated risk level, indicating ongoing malicious operations. Security researchers and users are advised to block access to legr-en-us.pages.dev immediately and report the domain to threat intelligence platforms. Despite its low current detection rate, the domain's infrastructure and tactics pose a credible threat to credential security. Remaining risk is elevated due to potential undiscovered variants or related infrastructure, warranting continuous monitoring and proactive defense measures.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.126

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2f19c651-9663-4e6a-b7d0-8a24742a529e
- PhishDestroy: https://phishdestroy.io/domain/legr-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/legr-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/legr-en-us.pages.dev/
Last updated: 2026-03-26