# auth-ldgr-live.pages.dev — SUSPICIOUS > auth-ldgr-live.pages.dev hosts a credential theft phishing page mimicking a login portal, with zero detections on VirusTotal (0/95). Investigate immediately. ## Summary PhishDestroy identifies auth-ldgr-live.pages.dev as a credential theft domain masquerading as a legitimate login page, actively targeting unsuspecting users. This domain leverages Cloudflare Pages to host a spoofed authentication interface, tricking victims into surrendering sensitive credentials under the guise of a security check. The threat actor behind this campaign employs a generic naming convention to evade detection, capitalizing on user trust in familiar domain structures like 'pages.dev'. Given its current status as 'under_investigation' yet marked 'active', the risk of exposure remains significant, particularly for users accustomed to bypassing traditional phishing filters through legitimate-looking infrastructure. Evidence supporting this advisory includes the domain's registration under Cloudflare, Inc., with hosting resolved to IP 188.114.97.3 via Google Trust Services SSL certificates. Notably, VirusTotal currently reports zero detections across 95 security vendors, indicating a fresh or highly evasive campaign. While the exact registration date is unavailable, the absence of detections on established platforms suggests this threat has yet to be widely recognized or mitigated. The combination of legitimate infrastructure (Cloudflare Pages, Google SSL) and evasion tactics (low VT score) highlights the sophistication of this operation, warranting immediate scrutiny from SOC teams and end users alike. Users who have interacted with auth-ldgr-live.pages.dev should assume compromise and take immediate action. Reset passwords for any credentials entered on this domain, enable multi-factor authentication where possible, and scan local systems for malware using trusted antivirus tools. Report the domain to your email provider and browser security teams to aid in takedown efforts. Organizations should block this domain at the network perimeter and monitor for anomalous login attempts originating from affected accounts. Proactive user awareness training is critical to prevent further exploitation of this credential theft campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0371bb8a-3bc0-4ae5-8f0b-ee06f0297442 - PhishDestroy: https://phishdestroy.io/domain/auth-ldgr-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/auth-ldgr-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/auth-ldgr-live.pages.dev/ Last updated: 2026-03-22