# ldgr-live-destop-faq-cav.pages.dev — SUSPICIOUS > PhishDestroy identifies ldgr-live-destop-faq-cav.pages.dev as a credential theft page with 2/95 VirusTotal detections. Block immediately to protect credentials. ## Summary PhishDestroy has confirmed that ldgr-live-destop-faq-cav.pages.dev is actively hosting a credential theft page designed to harvest user login details. The domain masquerades as an informational FAQ page, likely leveraging a generic or fake brand name to deceive visitors. No evidence of a crypto drainer kit or advanced obfuscation was observed during analysis, indicating a focus on traditional credential harvesting rather than asset drainage. This domain presents several distinct technical indicators for identification and blocking. VirusTotal reports a detection ratio of 2 out of 95 security vendors as of the analysis window, with the SSL certificate issued by Google Trust Services to enhance perceived legitimacy. Registered through Cloudflare, Inc., the domain resolves to IP address 172.66.47.147, which is associated with Cloudflare’s infrastructure. While the exact creation date was not disclosed in open sources, the use of a Google Pages (.pages.dev) subdomain suggests recent deployment. This domain remains unclassified by Google Safe Browsing (GSB) at the time of reporting, though it is likely to trigger blocklists due to its confirmed malicious activity. As of the latest assessment, the domain is assessed as ACTIVE and presenting an ELEVATED risk profile. PhishDestroy has flagged this page due to confirmed malicious intent focused on credential theft. Immediate action is recommended to block the domain at the network and endpoint levels. Users should avoid accessing this domain and report any instances of credential submission. Given the use of Cloudflare infrastructure and Google-hosted pages, traditional IP-based blocking may be less effective; instead, domain and URL-based blocking policies should be prioritized. Despite active monitoring, this threat remains present and capable of evolving or spreading through phishing campaigns. Organizations are urged to update threat intelligence feeds and internal blocklists promptly. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.147 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/47010779-799e-4685-b9c5-aeff51655c17 - PhishDestroy: https://phishdestroy.io/domain/ldgr-live-destop-faq-cav.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ldgr-live-destop-faq-cav.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ldgr-live-destop-faq-cav.pages.dev/ Last updated: 2026-03-21