# live-en-desktop-eng.pages.dev — SUSPICIOUS > Beware: live-en-desktop-eng.pages.dev is a crypto drainer impersonating a Windows update page. 0/95 VirusTotal detections. Verify safety on PhishDestroy. ## Summary PhishDestroy identifies live-en-desktop-eng.pages.dev as a live crypto drainer campaign masquerading as a Windows system update, deploying malicious payloads to siphon cryptocurrency from unwitting victims. live-en-desktop-eng.pages.dev resolves to IP 172.66.47.202 and is registered through Cloudflare, Inc. The domain hosts a generic phishing page with no direct brand impersonation but leverages deceptive system update prompts to trick users into executing a crypto drainer. VirusTotal currently shows 0/95 detections, indicating no antivirus or security vendor has flagged the payload yet. The domain uses a Google Trust Services SSL certificate for added legitimacy, while the Cloudflare registrar suggests an effort to obscure true ownership and hosting details. The absence of blocklist entries implies this is a recently activated domain with a low detection profile. This domain remains active and under investigation, with no immediate blocklist coverage at detection time. Security researchers should monitor for IOC expansion, including payload hashes and additional IP ranges associated with this campaign. Users are advised to avoid interacting with unsolicited system update prompts and to verify domain safety using PhishDestroy’s threat intelligence before proceeding. While the crypto drainer kit has not been fully reverse-engineered, the combination of low VT score, Google-hosted infrastructure, and deceptive UI signals a high-risk threat with potential for rapid escalation. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.202 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/live-en-desktop-eng.pages.dev - PhishDestroy: https://phishdestroy.io/domain/live-en-desktop-eng.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/live-en-desktop-eng.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/live-en-desktop-eng.pages.dev/ Last updated: 2026-04-04