# lejr-com-start.pages.dev — SUSPICIOUS

> PhishDestroy identifies lejr-com-start.pages.dev as a fake login page phishing scam. Resolves to 188.114.97.3 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies lejr-com-start.pages.dev as an active phishing domain posing as a legitimate login page. This fraudulent site is designed to harvest user credentials by mimicking a trusted service, with a high likelihood of targeting victims through deceptive links or spoofed emails. The domain is hosted on 188.114.97.3 via Cloudflare, leveraging the provider’s infrastructure to obscure its true origin and evade detection. While VirusTotal currently shows 0/95 detection rates, this does not guarantee safety, as phishing pages often bypass initial scans by rapidly cycling domains or employing sophisticated obfuscation techniques.  This domain was flagged under generic phishing due to its misuse of a Cloudflare-registered pages.dev subdomain, which is typically leveraged for legitimate static hosting. The absence of detections (0/95 on VirusTotal) and the use of Google Trust Services SSL certificates further enhance its credibility, tricking users into believing it is a secure portal. Historically, pages.dev subdomains have been abused for credential harvesting, with attackers exploiting the trust associated with legitimate domains to lower user vigilance. The IP resolution to 188.114.97.3—shared by other known phishing infrastructure—adds to the risk profile.  If you visited lejr-com-start.pages.dev, PhishDestroy advises users to immediately change passwords for any accounts entered on this site and enable multi-factor authentication (MFA) on all associated services. Scan devices for malware using up-to-date antivirus tools, as phishing pages may deploy background scripts or steal session cookies. Report the domain to your email provider, browser, and platforms like PhishDestroy to aid in blacklisting. Avoid interacting with unsolicited links claiming to originate from this domain, and verify any login prompts through official channels before entering credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/429de755-c94b-45b5-817a-5efd0942580e
- PhishDestroy: https://phishdestroy.io/domain/lejr-com-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lejr-com-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lejr-com-start.pages.dev/
Last updated: 2026-03-22