# meta-lemor-b31.pages.dev — MALICIOUS

> meta-lemor-b31.pages.dev is a high-risk phishing domain recently taken offline. Learn how this scam operates and steps to protect yourself.

## Summary
PhishDestroy has identified meta-lemor-b31.pages.dev as a high-risk phishing domain designed to deceive users into divulging personal or sensitive information. Although the domain is currently offline, it posed a significant threat by impersonating legitimate services and exploiting user trust. Visiting such sites can lead to identity theft, financial loss, or unauthorized access to accounts.

This phishing scheme primarily relied on a cloud-hosted page mimicking trustworthy platforms to trick victims into submitting credentials or personal data. The domain was registered through Cloudflare, Inc. on February 21, 2026, and was flagged by multiple security tools, appearing on at least one security blocklist. Its IP address resolution to 172.66.46.211 and hosting through a reputable provider aimed to lend a facade of legitimacy, increasing the likelihood of successful deception.

If you have visited meta-lemor-b31.pages.dev, it is crucial to immediately change any passwords entered on the site, monitor your accounts for suspicious activity, and consider enabling multi-factor authentication. Additionally, running comprehensive antivirus scans and reporting the incident to your organization's IT or security team can help mitigate potential fallout. Staying vigilant against such phishing attempts is essential to maintaining your digital safety.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.211
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["desi.ns.cloudflare.com", "emerson.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bd3c5-2999-771c-ae9f-ed41f5f7abd6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/72805301-9318-44fc-a307-6630d7713ad4
- PhishDestroy: https://phishdestroy.io/domain/meta-lemor-b31.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/meta-lemor-b31.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/meta-lemor-b31.pages.dev/
Last updated: 2026-03-19