# auths-ledgr.pages.dev — MALICIOUS

> Beware: auths-ledgr.pages.dev hosts a generic credential phishing page. Verify any suspicious links using PhishDestroy before entering credentials.

## Summary
PhishDestroy identifies auths-ledgr.pages.dev as a currently active generic phishing domain impersonating a login portal. The page is hosted via Cloudflare Pages and leverages Google Trust Services SSL certificates to appear legitimate. No custom drainer kit has been observed; the threat relies on social engineering to harvest credentials.  This domain resolves to IP 172.66.47.164 and was registered through Cloudflare, Inc. VirusTotal reports a detection ratio of 8/95 security vendors, indicating limited but meaningful coverage. The domain utilizes a Google-issued SSL certificate, which lowers immediate suspicion among end users. It remains unlisted on major blocklists at time of analysis, highlighting the importance of proactive threat hunting.  Current status is active with elevated risk. Immediate containment actions include network-level blocking where feasible. Users are strongly advised to verify all authentication prompts via PhishDestroy and avoid entering credentials on unfamiliar domains. While the campaign is not widespread, the use of legitimate hosting and SSL infrastructure increases its potential effectiveness. Remaining risk is moderate due to the domain’s active status and low blocklist presence.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.164

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b0cc0635-c57c-4655-9c7e-6e5b9bdd1781
- PhishDestroy: https://phishdestroy.io/domain/auths-ledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auths-ledgr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auths-ledgr.pages.dev/
Last updated: 2026-03-22