# desktops-en-live-ledgr.pages.dev — SUSPICIOUS

> PhishDestroy identifies desktops-en-live-ledgr.pages.dev as a live phishing domain hosting a generic lure to steal credentials. Resolves to 188.114.96.

## Summary
PhishDestroy identifies desktops-en-live-ledgr.pages.dev as an active generic phishing domain leveraging Cloudflare Pages to host a credential-harvesting landing page. The domain attempts to impersonate a desktop live-stream or support portal, tricking users into entering login credentials. No specific brand or drainer kit has been positively matched at this time; additional sandbox analysis is required to extract the exact payload. The campaign is currently delivering malicious content and remains under live observation with seed 3bdf72.

Technical indicators confirm low detection coverage: VirusTotal shows 0/95 engines flag the domain, the registrar is Cloudflare, Inc., and the resolution points to IP 188.114.96.3. The SSL certificate is issued by Google Trust Services, indicating active HTTPS enforcement. Creation date and blocklist affiliations are still under forensic review; however, the absence of detections suggests this is a newly deployed or lightly used infrastructure element.

Current status remains active with a high likelihood of continued operation until community or automated takedown actions occur. Users should immediately block the domain at network and endpoint levels and avoid accessing it. This domain poses high risk due to low detection despite active compromise. PhishDestroy continues monitoring and will escalate findings to sector blocking lists and CERTs. Remaining risk is assessed as high until signature-based detection improves and the payload is fully analyzed.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c859f838-200b-43a7-b46a-0a369410bcd7
- PhishDestroy: https://phishdestroy.io/domain/desktops-en-live-ledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/desktops-en-live-ledgr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desktops-en-live-ledgr.pages.dev/
Last updated: 2026-04-11