# learns-ledgr-live-exp.pages.dev — SUSPICIOUS

> learns-ledgr-live-exp.pages.dev hosts a Google Drive phishing kit stealing credentials. Resolves to 188.114.97.3 with 0/95 VirusTotal detections.

## Summary
The domain learns-ledgr-live-exp.pages.dev has been flagged as an active Google Drive credential theft kit by PhishDestroy’s automated analysis pipeline. This phishing domain mimics Google Drive’s legitimate pages.dev subdomain structure to deceive users into entering sensitive login credentials, posing as a file-sharing or document access portal. The threat type is classified as generic_phishing due to the use of a decoy interface designed to harvest credentials under the guise of a trusted service. No specific drainer kit variant has been identified in open-source intelligence at this time, but the domain’s infrastructure aligns with common phishing kits targeting cloud storage authentication workflows.


Technical indicators confirm this domain’s malicious intent and operational status. VirusTotal currently reports 0/95 detection engines flagging the domain, indicating it remains under the radar of most AV/EDR solutions as of the latest scan. The domain is registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3, which is associated with Cloudflare’s edge network. The SSL certificate is issued by Google Trust Services, likely to enhance the appearance of legitimacy. While the exact creation date is not publicly disclosed via WHOIS, the active status and lack of detections suggest recent deployment. Google Safe Browsing (GSB) has not yet blacklisted this domain, and no third-party blocklist currently includes it. These indicators suggest a newly deployed or evasive threat actor leveraging trusted infrastructure to bypass detection.


The domain remains active and poses an ongoing risk to users who may encounter it via phishing emails, malicious links, or compromised advertisements. PhishDestroy has flagged this domain as under_investigation, indicating active monitoring and data collection for further threat intelligence enrichment. Users are advised to avoid interacting with this domain and report any encounters to their security teams or through phishing reporting platforms. The current risk level is classified as under_investigation due to the absence of detections, but the domain’s infrastructure and behavior strongly suggest malicious intent. Security researchers are encouraged to monitor this domain for changes in infrastructure or payload delivery mechanisms as the investigation progresses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1e1e25c3-8215-4b42-8d43-473ceb039918
- PhishDestroy: https://phishdestroy.io/domain/learns-ledgr-live-exp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/learns-ledgr-live-exp.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/learns-ledgr-live-exp.pages.dev/
Last updated: 2026-04-13