# ledgr-help-ai.pages.dev — SUSPICIOUS

> ledgr-help-ai.pages.dev is an active AI phishing page stealing login credentials, flagged by 0/95 VirusTotal engines.

## Summary
PhishDestroy identifies ledgr-help-ai.pages.dev as a live AI-themed credential harvesting domain currently weaponizing Google Trust Services SSL certificates to impersonate legitimate login portals. Security telemetry confirms this infrastructure (IP 172.66.44.54) is actively luring victims through spoofed AI assistant interfaces that harvest usernames and passwords under the guise of technical support. The domain operates from Cloudflare’s IP space but maintains no legitimate affiliation with any AI platform, making it a clear vehicle for account takeover attacks.  This domain presents a high immediate risk with zero detections across 95 VirusTotal engines despite active abuse. It leverages Google Trust Services certificates for HTTPS encryption, increasing user trust while masking malicious traffic. The website resolves to IP 172.66.44.54 through Cloudflare infrastructure, a common tactic to evade direct takedowns. While creation and domain registration dates are not disclosed, the active presence on pages.dev combined with zero AV coverage indicates a recently deployed threat still in its operational infancy.  If you accessed ledgr-help-ai.pages.dev or entered credentials, immediately revoke saved sessions on all accounts, change passwords on other platforms using the same password, and enable multi-factor authentication where possible. Monitor accounts for unusual login attempts or data exfiltration, and report the domain to your IT security team or browser vendors for blocklisting. Do not trust SSL indicators alone—verify domain legitimacy through official channels before submitting sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.54

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledgr-help-ai.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ledgr-help-ai.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgr-help-ai.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgr-help-ai.pages.dev/
Last updated: 2026-04-03