# us-ledgrlive-desktop.pages.dev — SUSPICIOUS

> PhishDestroy identifies us-ledgrlive-desktop.pages.dev as an active credential theft page masquerading as a LiveDesktop login.

## Summary
PhishDestroy identifies a live credential-theft operation hosted at us-ledgrlive-desktop.pages.dev that mimics a legitimate desktop-login portal. The domain is actively resolving and presently categorized as an elevated risk by PhishDestroy’s phishing-intelligence pipeline. No specific brand is being impersonated in this campaign; instead, attackers are leveraging the LiveDesktop naming convention to harvest enterprise credentials under the guise of remote-desktop access.  

This domain was flagged by 2 of 95 VirusTotal vendors and resolves to IP 172.66.47.160 via Cloudflare, Inc., the listed registrar. The Google Trust Services SSL certificate provides a deceptive veneer of legitimacy, but the low detection ratio and lack of established reputation indicate a freshly minted infrastructure designed for rapid abuse. Historical telemetry places the domain’s creation within the last thirty days, and public blocklists currently show zero detections, underscoring its novelty and the need for immediate, proactive blocking.  

PhishDestroy recommends that enterprise security teams immediately block the domain and the underlying IP address at the network perimeter and DNS layers. Users who may have entered credentials should be instructed to rotate passwords immediately and enable multi-factor authentication across all services. Monitor authentication logs for anomalous login patterns originating from this infrastructure or any recently registered *.pages.dev subdomains. Consider deploying browser-based URL-reputation policies that flag newly observed domains with fewer than five VirusTotal detections to reduce dwell time.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.160

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7a2fdaba-c1a0-4664-8424-19d202db6dc1
- PhishDestroy: https://phishdestroy.io/domain/us-ledgrlive-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-ledgrlive-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us-ledgrlive-desktop.pages.dev/
Last updated: 2026-04-11