# start-lrezor-login-en.pages.dev — MALICIOUS

> Beware of start-lrezor-login-en.pages.dev, a high-risk credential phishing site still active. Protect your accounts now!

## Summary
PhishDestroy has identified start-lrezor-login-en.pages.dev as a high-risk credential phishing domain actively targeting users. This domain is designed to steal sensitive login credentials through deceptive tactics.

The domain was registered on February 21, 2026, via Cloudflare, Inc., and continues to operate despite multiple detections. It currently appears on two security blocklists, and VirusTotal flags it as malicious by 16 security vendors, underscoring its dangerous nature and the robust infrastructure backing it.

Users and organizations should remain vigilant and avoid interacting with this domain. Employing email filters, endpoint security, and user education are critical steps to mitigate risk. PhishDestroy confirms the domain remains active, warranting immediate caution and response efforts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.118
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["keaton.ns.cloudflare.com", "millie.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "ArcSight Threat Intelligence", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01994610-ae65-75bd-8bf6-46e2756fd45d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3fda214f-8f1e-46d8-aa1f-e48d8c2f42a8
- PhishDestroy: https://phishdestroy.io/domain/start-lrezor-login-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-lrezor-login-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-lrezor-login-en.pages.dev/
Last updated: 2026-03-19