# en-us-desktop-ledg.pages.dev — SUSPICIOUS

> en-us-desktop-ledg.pages.dev hosts a fake Microsoft login page targeting users with a crypto drainer. Verify legitimacy on PhishDestroy before entering.

## Summary

PhishDestroy identifies the domain en-us-desktop-ledg.pages.dev as a live phishing page impersonating Microsoft login portals to deploy crypto drainers. This campaign remains active as of the latest investigation, with threat actors leveraging Cloudflare Pages to host fraudulent content designed to harvest credentials and initiate unauthorized cryptocurrency transactions. The threat is classified as a generic phishing vector targeting Microsoft users, with the domain currently under active analysis.

Technical analysis reveals the domain resolves to IP address 188.114.97.3 and operates under a Google Trust Services SSL certificate, indicating an attempt to establish legitimacy. Registered through Cloudflare, Inc., this domain has not yet been flagged by security vendors, showing 0 detections out of 95 VirusTotal scanners as of the latest scan. The absence of blocklist entries suggests this campaign may be newly deployed or using evasion tactics to bypass initial detection mechanisms. Additional threat intelligence indicates this infrastructure has not yet accumulated significant trust scores or reputation metrics within cybersecurity databases.

As this domain remains under investigation, users are strongly advised to avoid interacting with en-us-desktop-ledg.pages.dev or any linked pages claiming to be Microsoft services. Verify the legitimacy of login portals by cross-checking URLs against official Microsoft domains (login.microsoftonline.com) and enabling multi-factor authentication on all accounts. Report suspicious domains to PhishDestroy for verification and block access to this IP range (188.114.97.0/24) at the network level where possible. Monitor financial accounts for unauthorized transactions and consider using hardware wallets or transaction approval systems to mitigate crypto drainer risks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a4e48bd6-b416-49ab-8dc9-a257ef481a7a
- PhishDestroy: https://phishdestroy.io/domain/en-us-desktop-ledg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-desktop-ledg.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/en-us-desktop-ledg.pages.dev/

Last updated: 2026-03-24