# support--ldgr-live-app.pages.dev — MALICIOUS

> Domain support--ldgr-live-app.pages.dev hosts a high-risk phishing campaign mimicking legitimate login pages.

## Summary
PhishDestroy identifies support--ldgr-live-app.pages.dev as a high-risk phishing domain currently active and leveraging Google’s Pages.dev infrastructure to host fraudulent login pages. This domain resolves to IP 172.66.47.55 and relies on a Cloudflare-issued SSL certificate under Google Trust Services, creating a deceptive facade of legitimacy. The threat actor behind this campaign is distributing links via social engineering tactics, tricking users into entering sensitive credentials on spoofed pages that closely resemble legitimate authentication portals. Given the domain’s direct association with credential harvesting, users interacting with this site face an immediate risk of account compromise, financial fraud, or identity theft.  

This domain was flagged by 12 out of 95 security vendors on VirusTotal, indicating moderate but concerning detection coverage. Google Safe Browsing has classified it under the SOCIAL_ENGINEERING category, explicitly warning users about its malicious intent. Hosted on Cloudflare Pages with a Google Trust Services SSL certificate, the domain exploits the trust associated with both platforms to evade initial suspicion. The phishing kit deployed here is designed to harvest login credentials, session tokens, or payment details, likely targeting users expecting support or login-related services. Based on infrastructure analysis, this domain is part of a broader campaign aimed at mimicking legitimate service portals, increasing the likelihood of successful user engagement.  

If you or anyone in your organization has visited support--ldgr-live-app.pages.dev, immediately cease any interaction with the site and avoid entering any credentials or personal information. Isolate the device if possible and scan for malware or unauthorized access. Report the domain to your security team and consider revoking any credentials that may have been exposed. Update passwords for affected accounts using a separate, trusted device, and enable multi-factor authentication where available. Monitor financial accounts and user activity logs for signs of compromise. Forward any suspicious emails or links to your SOC for further analysis and block this domain at the network perimeter to prevent further access.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.55

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6e714ed6-b665-44d1-ac43-721a38b0a09f
- PhishDestroy: https://phishdestroy.io/domain/support--ldgr-live-app.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/support--ldgr-live-app.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/support--ldgr-live-app.pages.dev/
Last updated: 2026-04-11