# desk-ledgrr-auth.pages.dev — SUSPICIOUS

> desk-ledgrr-auth.pages.dev impersonates a Google Pages site distributing phishing content; 4 out of 95 VirusTotal engines detected malware or phishing.

## Summary
PhishDestroy identifies desk-ledgrr-auth.pages.dev as an active Google Pages-hosted phishing domain currently delivering a generic credential-harvesting campaign. This site pretends to be a secure authentication portal but is designed to trick visitors into surrendering login details to threat actors. The infrastructure abuses Google’s Pages service to lend visual credibility while hosting malicious JavaScript and spoofed login forms designed to exfiltrate usernames and passwords. Users who land on this page may unwittingly submit sensitive credentials to attackers, risking account takeover and downstream financial or identity fraud.

This domain was flagged by PhishDestroy after VirusTotal detected 4 out of 95 participating security vendors classifying it as malicious, indicating a moderate but significant detection deficit among mainstream scanners. Registration was processed via Cloudflare, Inc., and the domain resolves to IP 188.114.97.3, hosted on Google’s infrastructure under the *.pages.dev wildcard certification authority operated by Google Trust Services. Current telemetry shows consistent uptime and active phishing payload delivery, with no indication of suspension or remediation at this time.

If you have visited desk-ledgrr-auth.pages.dev, immediately cease use of any credentials entered on the site and change passwords on all accounts where you reused the same email or password. Run a malware scan on your device using reputable antivirus software and monitor financial accounts for suspicious transactions. Report the domain to your email provider and browser for blocklisting and avoid clicking any links or attachments from unsolicited messages referencing this URL. Consider enabling multi-factor authentication across high-value accounts to mitigate further compromise should credentials have been exposed.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8383814d-f195-45ac-8b53-2e2eedfca7ac
- PhishDestroy: https://phishdestroy.io/domain/desk-ledgrr-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/desk-ledgrr-auth.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desk-ledgrr-auth.pages.dev/
Last updated: 2026-03-30