# set-legr-login.pages.dev — SUSPICIOUS

> set-legr-login.pages.dev is flagged for credential phishing. 1 of 95 VirusTotal vendors detected this threat. Check the full report.

## Summary
PhishDestroy identifies set-legr-login.pages.dev as an active credential phishing domain designed to steal user login credentials under the guise of a legitimate service.  set-legr-login.pages.dev is currently active and impersonates a login portal, likely targeting users with a fake authentication interface. The domain is registered through Cloudflare, Inc., and resolves to IP address 172.66.45.31. According to VirusTotal, this domain is flagged by 1 of 95 security vendors, indicating a low but notable detection rate. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy to unsuspecting users. While specific creation dates and blocklist counts are not provided, the presence of Google Trust Services as the certificate authority suggests recent deployment, as Cloudflare Pages domains often leverage automated certificate provisioning.  The elevated risk level associated with this domain stems from its active status and the credential phishing objective, which poses a direct threat to user account security. Given the low VirusTotal detection rate, this domain may evade some security filters, increasing the risk of successful phishing attempts. Users should avoid interacting with set-legr-login.pages.dev or any linked content and report the domain to relevant authorities or security teams. Security researchers are advised to monitor this domain for changes in infrastructure or detection rates, as credential phishing remains a prevalent and effective attack vector.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.31

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/93a80b39-b23e-4302-82bf-133df8c83475
- PhishDestroy: https://phishdestroy.io/domain/set-legr-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/set-legr-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/set-legr-login.pages.dev/
Last updated: 2026-03-22