# ledj-er-live.pages.dev — SUSPICIOUS

> PhishDestroy identifies ledj-er-live.pages.dev as a crypter phishing site hosted on Google Cloudflare (172.66.47.

## Summary
PhishDestroy has classified ledj-er-live.pages.dev as a confirmed crypter phishing site under active investigation. This domain is designed to mislead users into executing payloads that bypass security controls, posing a high risk of credential theft and malware deployment. Early analysis indicates the infrastructure is leveraging Cloudflare’s trusted services to obscure malicious intent while delivering obfuscated executable content.


This domain currently resolves to IP 172.66.47.36, registered through Cloudflare, Inc., and secured with a Google Trust Services SSL certificate. As of the latest scan, VirusTotal shows 0 detections out of 95 engines, indicating this threat has not yet been widely recognized by security vendors. The use of Cloudflare Pages and a legitimate SSL certificate suggests an attempt to blend in with benign web services while hosting malicious payloads. No blocklists have been triggered at this stage, allowing the domain to operate with reduced friction.


Users should avoid interacting with ledj-er-live.pages.dev entirely, as any interaction could result in the delivery of an obfuscated crypter payload designed to bypass antivirus and endpoint detection. Organizations are advised to block the domain at the network level and monitor for any outbound connections to 172.66.47.36. Given the current lack of detection coverage, manual review of network traffic and endpoint logs is critical to identify potential compromise. Administrators should also consider deploying advanced threat detection tools capable of analyzing encrypted traffic for crypter behaviors. Proactive threat hunting is recommended to detect any lateral movement or data exfiltration associated with this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.36

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a451ddd4-4e28-4e97-b76a-7d08bb5ed2d8
- PhishDestroy: https://phishdestroy.io/domain/ledj-er-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledj-er-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledj-er-live.pages.dev/
Last updated: 2026-03-23