# we-lader-desktop.pages.dev — SUSPICIOUS

> we-lader-desktop.pages.dev is distributing tech support scams despite 0/95 VirusTotal detection. Users should avoid clicking links and report fraudulent.

## Summary
PhishDestroy identifies we-lader-desktop.pages.dev as an active tech support scam domain under investigation for generic phishing. This Cloudflare-hosted site resolves to 172.66.47.203 and currently shows 0 detections out of 95 scans via VirusTotal, indicating it remains undetected by most security engines as of this report. The domain leverages Google Trust Services SSL and was registered through Cloudflare, Inc., using their Pages.dev platform to host malicious content.

This domain exhibits classic indicators of deception: hosted on a legitimate CDN provider (Cloudflare) to evade traditional blocking mechanisms while exploiting Google’s SSL infrastructure to appear trustworthy. Despite zero VirusTotal detections (0/95), its active status and threat type classification suggest it may soon escalate into widespread campaigns. The IP address 172.66.47.203 is a known Cloudflare node, further complicating geoblocking strategies for defenders. No public blocklist entries or reputation scores were found for this domain or IP at the time of analysis.

Users encountering this domain should immediately cease all interaction and avoid submitting any information. Enterprises should block 172.66.47.203 at the firewall and monitor internal DNS queries for we-lader-desktop.pages.dev. Employees should be warned through security awareness training about fake tech support pop-ups masquerading as system alerts. Report the domain to Google Safe Browsing, PhishTank, and your organization’s threat intelligence service. Cloudflare’s takedown procedures should be engaged via their abuse channels, referencing incident seed 0afaff.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.203

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4e42317e-218f-444c-8c10-3c250f24d58d
- PhishDestroy: https://phishdestroy.io/domain/we-lader-desktop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/we-lader-desktop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/we-lader-desktop.pages.dev/
Last updated: 2026-03-22