# lezar-live-desktop.pages.dev — SUSPICIOUS

> PhishDestroy identifies lezar-live-desktop.pages.dev as a fake desktop login phishing page hosted on Cloudflare IP 188.114.96.3 with 0/95 VirusTotal detections.

## Summary
PhishDestroy research identifies lezar-live-desktop.pages.dev as a live phishing endpoint masquerading as a desktop login portal. This domain specifically targets users by presenting a spoofed interface designed to harvest Microsoft or enterprise credentials. Attackers leverage Cloudflare Pages and Google Trust Services certificates to appear legitimate while hosting the phishing content on IP 188.114.96.3, a known Cloudflare edge node frequently abused in credential theft campaigns. The domain is currently active and under active investigation with 0 detections on VirusTotal as of the latest scan, indicating it has evaded immediate detection despite its malicious purpose.

This threat is classified as a generic phishing attack with a high evasion profile. The domain resolves through Cloudflare, Inc., a common choice for phishing operators due to the service’s legitimate infrastructure and global CDN support. VirusTotal currently reports 0/95 antivirus engines flagging this domain, demonstrating how new or well-camouflaged phishing pages can bypass detection systems. While the SSL certificate is issued by Google Trust Services—often seen as a trust signal—the domain itself has no legitimate association with Microsoft or enterprise login systems, and its recent deployment suggests opportunistic targeting of users seeking remote access tools.

Users who visited lezar-live-desktop.pages.dev should immediately check their account credentials for any services entered on the page. If credentials were entered, change passwords on affected accounts and enable multi-factor authentication where possible. Monitor accounts for unusual activity and consider revoking any sessions initiated from unrecognized devices. Report the domain to your organization’s security team or via phishing reporting tools such as Google Safe Browsing or Microsoft’s Phish Report. Avoid re-entering credentials or downloading files from this domain, and ensure browser and system updates are applied to maintain protection against similar threats. The combination of low detection rates and use of trusted infrastructure highlights the need for heightened vigilance and layered security measures.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/80e72cef-1f67-4451-925e-22b36c6c8935
- PhishDestroy: https://phishdestroy.io/domain/lezar-live-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lezar-live-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lezar-live-desktop.pages.dev/
Last updated: 2026-03-22