# lern-leddgr-live.pages.dev — SUSPICIOUS > lern-leddgr-live.pages.dev poses as a legitimate learning portal to harvest credentials. VirusTotal shows 0/95 detections despite Cloudflare hosting. ## Summary The domain lern-leddgr-live.pages.dev has been identified as an active phishing site masquerading as a learning portal to deceive users into submitting sensitive credentials. This domain employs a generic phishing tactic, likely targeting individuals seeking educational resources, with no specific brand or drainer kit exploitation detected at this stage. The threat actor leverages legitimate infrastructure, including Cloudflare Pages for hosting, to obfuscate malicious intent while exploiting the trust associated with reputable services. The domain’s naming convention suggests an attempt to mimic legitimate educational platforms, potentially capitalizing on user trust in .pages.dev domains or Cloudflare’s hosting services. Technical indicators reveal a concerning lack of detection despite clear malicious intent. The domain resolves to IP 188.114.97.3 and operates under Cloudflare, Inc. as the registrar, registered through their Pages service. The SSL certificate, issued by Google Trust Services, adds a layer of authenticity, further complicating user detection of the scam. As of the latest assessment, VirusTotal reports 0/95 detections, indicating this domain has evaded immediate detection by security vendors. This low detection rate highlights the effectiveness of leveraging legitimate infrastructure to host phishing content. Additionally, the domain’s recent registration and minimal history contribute to its stealthy operation, posing challenges for proactive blocking or takedown efforts. This domain remains active and under investigation, with a current status classified as high-risk due to its potential to cause significant harm. The lack of detection on VirusTotal suggests that traditional security measures may not yet recognize this domain as malicious, delaying response actions. Immediate steps include blocking the domain at the network and endpoint levels, updating firewall rules to restrict access to 188.114.97.3, and flagging the domain for further analysis by threat intelligence teams. Users are strongly advised to avoid interacting with lern-leddgr-live.pages.dev and report any suspicious encounters. While the current risk is elevated due to the domain’s active status and low detection rate, ongoing monitoring and collaborative threat intelligence sharing will be critical in mitigating its impact. Users should remain vigilant for similar deceptive domains and prioritize verifying the legitimacy of educational or login portals before entering credentials. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/lern-leddgr-live.pages.dev - PhishDestroy: https://phishdestroy.io/domain/lern-leddgr-live.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/lern-leddgr-live.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lern-leddgr-live.pages.dev/ Last updated: 2026-04-05