# doc-ledgr-live.pages.dev — SUSPICIOUS

> PhishDestroy identifies doc-ledgr-live.pages.dev as a Google Docs credential phishing campaign. Resolves to IP 188.114.96.3. Do NOT enter any credentials.

## Summary
PhishDestroy identifies doc-ledgr-live.pages.dev as an active Google Docs credential phishing domain under investigation. This subdomain mimics a legitimate Google Docs ledger login page to harvest usernames, passwords, and MFA tokens. The threat is classified as credential harvesting via fake Google authentication pages. Visiting this landing page may result in immediate account takeover if any credentials are submitted.  

This domain was flagged by PhishDestroy using seed c4e648 and is currently tracked with 0 detections on VirusTotal across 95 security engines as of the latest scan. The page resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., leveraging Google Trust Services SSL certificate to appear authentic. Cloudflare’s rapid DNS may obscure the true origin, but the combination of a Google-hosted subdomain and Cloudflare proxy often signals malicious impersonation campaigns targeting users expecting secure cloud storage services.  

If you visited doc-ledgr-live.pages.dev and entered any information—especially Google account credentials—immediately change your password via a trusted device and enable two-factor authentication. Review account activity for suspicious logins and revoke any unauthorized app permissions. Use a password manager to avoid manually typing credentials on unfamiliar sites. Report any suspicious activity to your IT team or email security@yourdomain.com. Do not click on unsolicited links claiming to be shared documents, even if they appear to come from known contacts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1952b2ad-cebf-46cc-988a-0d0a30c3766b
- PhishDestroy: https://phishdestroy.io/domain/doc-ledgr-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/doc-ledgr-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/doc-ledgr-live.pages.dev/
Last updated: 2026-03-22