# us-en-leger.pages.dev — SUSPICIOUS

> PhishDestroy identifies us-en-leger.pages.dev as a counterfeit Leger loyalty login phishing page. Check the full report.

## Summary
PhishDestroy identifies us-en-leger.pages.dev as an active fake loyalty-login phishing site impersonating Leger rewards. The domain exhibits high-risk characteristics and is currently under investigation pending further evidence of credential theft.

This domain was flagged via automated threat feeds under the unique seed 624abf. It resolves to IP address 172.66.47.151 and is registered through Cloudflare, Inc., though the underlying hosting infrastructure is associated with the Pages.dev platform. The SSL certificate is issued by Google Trust Services, and VirusTotal currently shows 0/95 detections with no blocklist entries at time of analysis. While the infrastructure appears legitimate due to Cloudflare and Google Trust Services, the domain's purpose—posing as a Leger rewards login portal—indicates a clear intent to deceive users into surrendering sensitive account credentials.

To mitigate exposure, users should avoid interacting with this domain entirely and delete any cached or bookmarked links referencing it. If credentials were entered, immediately reset passwords on legitimate Leger accounts and enable multi-factor authentication. Organizations are advised to block us-en-leger.pages.dev at the network perimeter and alert users through security awareness training. Chrome and Firefox users may also submit the URL to Google Safe Browsing via their respective reporting tools.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.151

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d8dee88d-3032-4ee4-a888-802c38337762
- PhishDestroy: https://phishdestroy.io/domain/us-en-leger.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-en-leger.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us-en-leger.pages.dev/
Last updated: 2026-03-26