# learn-lddgr-live.pages.dev — SUSPICIOUS > learn-lddgr-live.pages.dev masquerades as a legitimate learning portal to harvest credentials. Resolves to 172.66.47. ## Summary PhishDestroy identifies learn-lddgr-live.pages.dev as an active generic phishing domain impersonating an online learning platform to deceive users into surrendering login credentials or sensitive information. The domain leverages Cloudflare Pages hosting and Google Trust Services SSL certificate to appear legitimate, lowering suspicion while hosting fraudulent content. Initial VirusTotal scans show no detections (0/95), indicating the threat is either newly deployed or employs evasion techniques undetected by current signatures. This domain was flagged by internal analysis and currently carries an 'under_investigation' risk rating pending deeper forensic review. Key technical indicators include resolution to IP 172.66.47.132 via Cloudflare, Inc., and enrollment in Google Trust Services for SSL/TLS encryption. No third-party blocklist entries or historical detections are recorded at this time, suggesting recent activation or low-profile deployment. The domain's Cloudflare Pages integration implies rapid provisioning, while the trusted SSL issuer adds superficial credibility to phishing lures involving fake course logins or credential updates. As of now, no confirmed association with a specific impersonated brand has been validated, classifying it as a generic phishing operation. To mitigate exposure, users should immediately block 172.66.47.132 and the domain learn-lddgr-live.pages.dev at network and endpoint levels. Avoid accessing or interacting with any login forms or embedded content on this domain. If credentials were entered, revoke them immediately through official channels and enable multi-factor authentication where available. Report the domain to security teams or via phishing abuse channels (e.g., Google Safe Browsing, PhishTank) to accelerate takedown. Monitor for unusual account activity following potential exposure. Given the 0/95 VirusTotal score, this threat may expand in scope—prompt containment is critical to prevent credential harvesting campaigns from scaling. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.132 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/learn-lddgr-live.pages.dev - PhishDestroy: https://phishdestroy.io/domain/learn-lddgr-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/learn-lddgr-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/learn-lddgr-live.pages.dev/ Last updated: 2026-04-05