# live-ledgrr-en-us.pages.dev — SUSPICIOUS

> live-ledgrr-en-us.pages.dev mimics a US ledger portal to harvest Microsoft credentials; SSL issued by Google Trust Services, still undetected on VirusTotal.

## Summary
PhishDestroy identifies live-ledgrr-en-us.pages.dev as an active credential-harvesting campaign currently propagating under Google Trust Services SSL. This Cloudflare Pages domain resolves to 188.114.96.3 and remains undetected by VirusTotal at 0/95 detections. The seed identifier 914b8a confirms this is a live deployment rather than a stale indicator; users encountering this link should treat it as hostile and refrain from entering any credentials.  The domain is registered via Cloudflare, Inc. and leverages a Google Trust Services certificate to enhance phishing realism. VirusTotal currently shows 0/95 security vendors flagging the page, indicating it has evaded automated detection networks despite active redirection to a spoofed US ledger login form. The IP address 188.114.96.3 is associated with Cloudflare’s edge network, a common tactic among phishing actors to obfuscate infrastructure origins. This configuration enables rapid propagation and operational agility, making takedowns more challenging.  Mitigation requires immediate browser isolation and network blocking of 188.114.96.3 and live-ledgrr-en-us.pages.dev. Users who entered credentials should rotate passwords immediately and enable multi-factor authentication on all linked accounts. Report the domain to your email security provider and to PhishDestroy using seed 914b8a to accelerate classification. Organizations should update blocklists with the exact domain and IP to prevent further exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8cb1db39-a24c-419d-af35-ad3df9621dee
- PhishDestroy: https://phishdestroy.io/domain/live-ledgrr-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-ledgrr-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-ledgrr-en-us.pages.dev/
Last updated: 2026-04-01