# connect-leger-live.pages.dev — SUSPICIOUS

> connect-leger-live.pages.dev is a live Microsoft 365 phishing page flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies connect-leger-live.pages.dev as a live Microsoft 365 credential harvesting domain actively impersonating the Leger brand. The campaign remains in active status, with threat actors leveraging Cloudflare Pages to host the fraudulent login portal. Initial telemetry suggests this infrastructure may be part of a broader operation targeting enterprise users with spoofed collaboration-themed lures. 

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating current evasion of automated detection mechanisms. The infrastructure is registered through Cloudflare, Inc., resolving to IP 172.66.45.6 via Google Trust Services SSL certificates, which suggests an attempt to lend false legitimacy to the phishing page. The domain was created recently, with no historical data available in standard WHOIS databases at the time of analysis. Domain age and reputation metrics remain undetermined due to the recent registration, increasing the risk of successful user compromise. 

The domain is currently active and poses an immediate threat to users who may encounter it through phishing emails or malicious links. Given the absence of vendor detections and the use of reputable hosting and SSL providers, this campaign demonstrates a high level of sophistication in evading security controls. Organizations are advised to block the domain at the DNS and firewall levels immediately. Additionally, users should be alerted to verify the authenticity of any unsolicited login prompts, particularly those referencing collaboration tools or enterprise services. Immediate investigation of any potential credential exposure is strongly recommended to mitigate downstream compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.6

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4cc10183-4301-44d8-8116-f7008211a680
- PhishDestroy: https://phishdestroy.io/domain/connect-leger-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/connect-leger-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/connect-leger-live.pages.dev/
Last updated: 2026-03-22