# eng-ledgeirlive.pages.dev — SUSPICIOUS

> eng-ledgeirlive.pages.dev hosts a credential theft phishing page with 0/95 VirusTotal detections. Block immediately to prevent data exposure.

## Summary

PhishDestroy identifies eng-ledgeirlive.pages.dev as an active credential theft phishing domain under investigation. This Pages.dev-hosted threat impersonates legitimate services to harvest user credentials, presenting a significant risk to unsuspecting visitors. The domain’s recent activation and low detection rates warrant immediate scrutiny as it may evade traditional security measures.

This domain resolves to IP 188.114.97.3, registered through Cloudflare, Inc. with a Google Trust Services SSL certificate. VirusTotal currently shows 0/95 detections, indicating negligible detection at the time of analysis. The Pages.dev platform, leveraged for hosting, is legitimate but frequently abused by threat actors for phishing campaigns due to its ease of deployment and masking capabilities. No blocklist entries were detected in public feeds at investigation time, and the domain’s recent creation suggests an opportunistic campaign targeting users seeking quick access to purported services.

Mitigation against credential theft phishing like this requires layered defenses. Network administrators should block the domain and its resolving IP at the firewall level. Users should verify URLs before inputting credentials and enable multi-factor authentication on all accounts. Security teams are advised to monitor for exfiltrated credentials on dark web forums and update threat intelligence feeds with these indicators. Immediate takedown requests should be filed with Cloudflare and the hosting provider to disrupt the campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/424c1d9c-82ec-4bed-929b-a88e8b6f98c9
- PhishDestroy: https://phishdestroy.io/domain/eng-ledgeirlive.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-ledgeirlive.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/eng-ledgeirlive.pages.dev/

Last updated: 2026-03-29