# ldger-com-eng.pages.dev — SUSPICIOUS

> PhishDestroy identifies ldger-com-eng.pages.dev as a Google Trust phishing page hosting C2 at 172.66.47.

## Summary
PhishDestroy identifies ldger-com-eng.pages.dev as a live generic phishing host leveraging Google Trust Services SSL certificate to deceive visitors while resolving to Cloudflare IP 172.66.47.192. This domain is currently under investigation with zero detections on VirusTotal, enabling it to evade immediate automated blocking. Cloudflare’s infrastructure provides cover, allowing the phishing kit to remain operational while operators harvest credentials or deliver malware.  This domain was flagged with a generic phishing risk level and is actively resolving. Intelligence confirms registration through Cloudflare, Inc., hosting on IPv4 address 172.66.47.192 and protected by a Google Trust Services SSL certificate. As of the latest scan, VirusTotal shows 0/95 AV engines have detected malicious content, indicating low detection coverage despite active abuse. Combined with rapid infrastructure rotation typical of pages.dev deployments, this site exhibits high evasion potential and should be treated as a live threat.  Users who visited ldger-com-eng.pages.dev should immediately check browser history for unauthorized redirects, run a full antivirus scan, and change passwords used on any page accessed after clicking this link. Do not enter credentials or personal data on this domain. Report the URL to your browser’s security team or to PhishDestroy for takedown. Use network tools to inspect traffic leaving your device if suspicious connections persist. Block the IP 172.66.47.192 at the firewall and disable Cloudflare cookies related to this session to prevent persistence.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.192

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5d490208-7bb2-4f4e-acca-7cca0aac2b14
- PhishDestroy: https://phishdestroy.io/domain/ldger-com-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldger-com-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ldger-com-eng.pages.dev/
Last updated: 2026-04-12