# desktop-ledgrer.pages.dev — SUSPICIOUS

> desktop-ledgrer.pages.dev engaged in AOL-themed credential harvesting. Analysis shows 0/95 VirusTotal detections with Cloudflare hosting. Check the full report.

## Summary
PhishDestroy identifies desktop-ledgrer.pages.dev as an actively-hosted credential theft page impersonating AOL, operating under the generic_phishing threat classification as of seed 0482e2. The domain leverages a Pages.dev subdomain to mimic official AOL webmail interfaces, likely targeting users via deceptive links or spoofed emails. No custom drainer kit indicators were observed in initial sandbox analysis, suggesting reliance on default Cloudflare Workers or Pages deployment for rapid campaign deployment and low infrastructure overhead.

Technical indicators confirm alarming legitimacy indicators: the domain is registered through Cloudflare, Inc., evidenced by its Cloudflare-managed DNS resolution to IP 172.66.47.49. The SSL certificate is issued by Google Trust Services, contributing to a false appearance of authenticity. VirusTotal scanning returns a clean 0/95 detection score across multiple AV engines, suggesting evasion of signature-based defenses. As of intelligence collection, the domain has not been flagged on Google Safe Browsing (GSB), and no known inclusion in public threat intelligence blocklists has been recorded, increasing exposure risk to users.

Current status remains active with no observed takedown response as of latest monitoring (seed 0482e2). Security teams are advised to block the domain at the network perimeter and flag via DNS sinkholing. Users should avoid interaction and treat any login prompts from this domain as high-risk. Remaining risk is assessed as elevated due to successful SSL certificate issuance, absence of detections, and reliance on trusted cloud providers for hosting. Immediate reporting to email security teams and sharing with threat intelligence platforms is recommended to accelerate detection and mitigation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.49

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/desktop-ledgrer.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/desktop-ledgrer.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/desktop-ledgrer.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desktop-ledgrer.pages.dev/
Last updated: 2026-04-06