# live-desktop-legdrr.pages.dev — SUSPICIOUS > Live-desktop-legdrr.pages.dev is a generic phishing domain hosted on Cloudflare that impersonates Remote Desktop services. ## Summary PhishDestroy identifies live-desktop-legdrr.pages.dev as an active generic phishing domain impersonating Remote Desktop services for credential harvesting. The domain leverages Cloudflare Pages to host a convincing fake login portal designed to trick users into submitting enterprise credentials under the guise of remote access authentication. No branded kit or known drainer script signatures were detected in initial sandboxing; instead, the lure relies on the generic pretext of "remote desktop session continuation" to lower user suspicion. This domain was flagged by 2 out of 95 security vendors on VirusTotal and resolves to IP 188.114.97.3 via Cloudflare proxy. It is registered through Cloudflare, Inc., utilizes a Google Trust Services SSL certificate for HTTPS legitimacy, and shows no immediate presence on Google Safe Browsing lists. The SSL certificate expires in approximately 90 days and was issued on an unspecified date prior to discovery. The campaign remains active as of current analysis with elevated risk to enterprise users expecting legitimate remote access workflows. Immediate actions include blacklisting the domain and IP on corporate DNS, email, and firewall layers; disabling auto-redirects to external domains in remote access portals; and user awareness training to recognize generic "remote desktop" lures. While the infrastructure is ephemeral due to Cloudflare Pages deployment, the threat vector persists through rapid domain cycling. Users are advised to verify URLs via internal SSO or VPN portals and report any unsolicited remote desktop prompts to IT security teams. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3daadd25-a153-4049-ad24-6cafdeae7e40 - PhishDestroy: https://phishdestroy.io/domain/live-desktop-legdrr.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/live-desktop-legdrr.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/live-desktop-legdrr.pages.dev/ Last updated: 2026-03-25