# auth-desktoplegr.pages.dev — SUSPICIOUS

> auth-desktoplegr.pages.dev impersonates Microsoft login portals to harvest credentials, resolving to 188.114.97.3 with zero VirusTotal detections.

## Summary

PhishDestroy identifies auth-desktoplegr.pages.dev as an active Microsoft account credential phishing site designed to deceive users into surrendering login credentials under the guise of a legitimate desktop application authentication page. This domain leverages Cloudflare Pages to host a spoofed Microsoft login interface, tricking victims into entering their email and password combinations into a fraudulent form. The threat actor behind this campaign likely intends to harvest these credentials for subsequent account takeovers, financial fraud, or further spear-phishing operations against the compromised user's contacts. Given the domain's use of Cloudflare’s infrastructure and a Google Trust Services SSL certificate, it evades immediate detection by traditional security tools, increasing the risk of successful exploitation.

This domain was flagged by PhishDestroy’s automated pipeline under seed e50fd8 after analysis revealed zero detections on VirusTotal despite its active operation. The domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., which provides anonymity and operational resilience to threat actors. The use of a legitimate SSL certificate issued by Google Trust Services further enhances the credibility of the phishing page, making it appear trustworthy to unsuspecting users. The domain’s infrastructure is consistent with modern phishing campaigns that prioritize evasion and rapid deployment to maximize the window of opportunity before takedowns occur.

Users who have visited auth-desktoplegr.pages.dev should immediately inspect their account activity for signs of unauthorized access, such as unfamiliar login locations or unrecognized devices. If credentials were entered, change the password immediately and enable multi-factor authentication (MFA) to secure the account. Avoid interacting with any prompts or links from unsolicited emails or websites claiming to be Microsoft login portals. Report the domain to your email provider or security team to aid in blocking efforts. For further protection, use browser extensions or security tools that detect and block phishing domains in real time. Proactive monitoring of account activity and cautious handling of login requests are critical to mitigating the risks posed by this credential harvesting campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/bfbbcb93-bab8-4ff7-89ac-6f61ccead7a3
- PhishDestroy: https://phishdestroy.io/domain/auth-desktoplegr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auth-desktoplegr.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/auth-desktoplegr.pages.dev/

Last updated: 2026-04-12