# eng-desktop-legr.pages.dev — SUSPICIOUS

> eng-desktop-legr.pages.dev hosts a credential theft scam impersonating a major brand. Flagged by 0 of 95 VirusTotal vendors. Block immediately.

## Summary
PhishDestroy identifies eng-desktop-legr.pages.dev as an active credential theft scam leveraging brand impersonation to harvest user credentials. The domain is currently operational and distributing malicious content designed to deceive victims into surrendering login details under false pretenses. This campaign is part of a broader trend where attackers abuse legitimate cloud services—specifically Cloudflare Pages—to host phishing infrastructure while maintaining a veneer of legitimacy through Google Trust Services SSL certificates.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating undetected malicious activity. It is registered through Cloudflare, Inc., resolving to IP 172.66.47.88. The site utilizes a Google Trust Services SSL certificate, which may enhance user trust despite its malicious intent. Based on seed data 12ee47, the domain remains under active investigation, with no confirmed blocklist entries at this time. Trust scores are pending further behavioral analysis, but the absence of detections suggests a stealthy deployment strategy aimed at evading automated detection mechanisms.


Current status indicates an active and evolving threat. The use of Cloudflare Pages allows attackers to rapidly deploy and iterate on phishing pages while leveraging Google’s trusted certificate infrastructure to bypass browser security warnings. Given the domain’s low detection rate and lack of blocklist inclusion, immediate action is required to prevent further victimization. Organizations and individuals should block eng-desktop-legr.pages.dev at the network perimeter and DNS level. Users who may have interacted with this domain should immediately rotate credentials, enable multi-factor authentication, and scan for potential malware infections. Continuous monitoring of this domain and associated infrastructure is advised due to the likelihood of rapid changes in hosting or distribution methods.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.88

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b2b2dbfb-1cfa-4587-8df0-e3c116392cbd
- PhishDestroy: https://phishdestroy.io/domain/eng-desktop-legr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-desktop-legr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng-desktop-legr.pages.dev/
Last updated: 2026-03-24