# help---live-desktop.pages.dev — SUSPICIOUS

> help---live-desktop.pages.dev is a Microsoft support scam phishing domain with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies help---live-desktop.pages.dev as a live Microsoft support scam phishing domain under active investigation for generic phishing tactics. The domain mimics legitimate Microsoft support portals, leveraging deceptive branding to trick users into divulging credentials or payment details. No drainer kit has been confirmed yet, but the threat vector aligns with classic tech support scams where victims are coerced into calling fake helplines or downloading malicious software. The domain’s structure—hyphenated and obfuscated—suggests deliberate attempts to bypass basic URL filtering mechanisms.


Technical indicators reveal a 0/95 VirusTotal detection score, indicating no current blacklisting despite its malicious intent. The domain resolves to IP 172.66.45.31 and is registered through Cloudflare, Inc., which obscures the true registrant’s identity. The SSL certificate, issued by Google Trust Services, adds a veneer of legitimacy, a common tactic in phishing campaigns. While creation and GSB (Google Safe Browsing) status remain undisclosed, the absence of detections suggests this is a newly deployed threat. The domain’s reliance on Cloudflare’s infrastructure further complicates takedown efforts, as abuse reports may be deprioritized.


This domain remains active with a 'under_investigation' status, meaning immediate takedown is not guaranteed. Users should avoid interacting with help---live-desktop.pages.dev entirely, as the risk of credential theft or malware delivery is high. Security teams are advised to block the domain at the network level and monitor for related IOCs (Indicators of Compromise) such as the resolved IP 172.66.45.31. Remaining risk hinges on the threat actor’s ability to evade detection tools, warranting heightened vigilance and proactive blocking. PhishDestroy recommends reporting this domain to Cloudflare and Google Safe Browsing to expedite mitigation efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.31

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/help---live-desktop.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/help---live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/help---live-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/help---live-desktop.pages.dev/
Last updated: 2026-04-11