# wel-legor-start.pages.dev — SUSPICIOUS

> wel-legor-start.pages.dev is a phishing site mimicking login pages, using Cloudflare hosting. Users should avoid entering credentials; 0/95 VirusTotal.

## Summary

wel-legor-start.pages.dev has been flagged as a phishing site under active investigation for hosting a fake login portal. The threat type is generic phishing, with a current risk level marked as 'under_investigation' but confirmed malicious. Analysis shows this domain resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., leveraging Google Trust Services for its SSL certificate. Despite zero detections on VirusTotal (0/95), the domain’s purpose aligns with credential harvesting, posing a high risk to unsuspecting users.

PhishDestroy identifies this domain as a deceptive login portal designed to trick users into submitting sensitive credentials. Technical indicators include registration through Cloudflare, Inc., a trusted but often abused hosting provider, and an SSL certificate issued by Google Trust Services, which lends false legitimacy. The domain resolves to IP 188.114.97.3, a Cloudflare IP, and remains undetected by VirusTotal’s 95 engines as of the latest scan. While creation dates and blocklist status are not explicitly confirmed, the lack of detections suggests it may be a recently deployed or obfuscated threat. The absence of detections does not equate to safety, particularly given the domain’s clear phishing intent.

Users should immediately avoid interacting with wel-legor-start.pages.dev, as it is likely part of a broader credential-harvesting campaign. If credentials were entered, users must change passwords immediately and enable multi-factor authentication on all linked accounts. Organizations should consider blocking this IP (188.114.97.3) and domain at the network level. Always verify URLs through official channels and report suspicious domains to security teams or phishing reporting platforms. Cloudflare’s hosting does not guarantee safety, as threat actors frequently exploit legitimate services to evade detection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/97a9b471-b9dc-4aa3-8205-f133d768a960
- PhishDestroy: https://phishdestroy.io/domain/wel-legor-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wel-legor-start.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/wel-legor-start.pages.dev/

Last updated: 2026-04-12