# lldger-com-start.pages.dev — SUSPICIOUS

> Investigate lldger-com-start.pages.dev — a Google Pages-hosted phishing site flagged by 1/95 VirusTotal scanners. Avoid entering credentials.

## Summary
lldger-com-start.pages.dev is a phishing domain employing a generic phishing kit designed to harvest user credentials. The domain mimics legitimate branding (lldger) but is not affiliated with any verified entity. No specific drainer kit (e.g., crypto wallet drainer) was detected in available telemetry; the threat is primarily credential theft via spoofed login forms. The infrastructure leverages Google Trust Services for SSL certificates, likely to appear legitimate and bypass browser warnings.  

PhishDestroy identifies this domain resolving to IP 172.66.44.105, registered through Cloudflare, Inc., with a VirusTotal detection score of 1/95 security vendors. The domain is hosted on Google Pages (pages.dev), a legitimate service often abused by threat actors for low-cost phishing operations. There is no indication this domain appears on Google Safe Browsing (GSB) blocklists as of current telemetry, but its low VT score suggests limited exposure in security vendor feeds. The domain was recently created, though the exact date is not publicly disclosed in available registrant data.  

As of this assessment, lldger-com-start.pages.dev remains active and is actively serving phishing content. Immediate action is recommended to block this domain at the network level (e.g., DNS sinkholing, firewall rules). Users should avoid interacting with the site and report it to their security teams or via Google’s phishing report tool. While the risk is elevated due to active hosting and SSL certificate legitimacy, the low VT detection rate indicates it may not yet be widely recognized. Users should remain vigilant for similar domains leveraging cloud services for phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.105

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/83a3a8e6-9896-45e5-9334-f7684371f31a
- PhishDestroy: https://phishdestroy.io/domain/lldger-com-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lldger-com-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lldger-com-start.pages.dev/
Last updated: 2026-03-22