# device-login-ledgr-cdn.pages.dev — SUSPICIOUS

> device-login-ledgr-cdn.pages.dev hosts credential theft malware, undetected on VirusTotal (0/95). Avoid entering login details. Report immediately.

## Summary
PhishDestroy identifies device-login-ledgr-cdn.pages.dev as a credential theft domain actively distributing phishing pages disguised as login portals. This domain leverages Cloudflare Pages to host counterfeit authentication interfaces, tricking visitors into submitting sensitive credentials under false pretenses. The infrastructure is deliberately designed to mimic legitimate login flows, increasing the risk of unauthorized account access.  This domain was flagged with 0 detections on VirusTotal out of 95 scanners, suggesting it has evaded detection by major security vendors. Registered through Cloudflare, Inc., it resolves to IP 172.66.44.184 and holds a Google Trust Services SSL certificate, which enhances its appearance of legitimacy. The combination of low detection rates and Cloudflare’s hosting service highlights the sophistication of this threat, as attackers exploit trusted infrastructure to bypass traditional defenses.  Users who visited this domain should assume their credentials may have been compromised if any were entered. Immediately reset passwords for affected accounts, enable two-factor authentication, and monitor for unusual activity. Avoid interacting with unexpected login prompts, especially those arriving via unsolicited emails or messages. Report any suspicious encounters to your security team or platform providers to help disrupt ongoing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.184

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4ab62277-4ca9-4f38-a02c-0d7861da93af
- PhishDestroy: https://phishdestroy.io/domain/device-login-ledgr-cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/device-login-ledgr-cdn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/device-login-ledgr-cdn.pages.dev/
Last updated: 2026-03-21