# lo-ldgrlive-doc.pages.dev — SUSPICIOUS

> lo-ldgrlive-doc.pages.dev serves a fake DocuSign login page to steal credentials. Scan this URL on PhishDestroy to verify safety before clicking — 0/95.

## Summary
PhishDestroy identifies lo-ldgrlive-doc.pages.dev as an active phishing domain impersonating DocuSign to harvest login credentials. The page is hosted on Cloudflare Pages and employs a deceptive subdomain mimicking legitimate document-sharing services. This domain was flagged via seed 7ef5a5 during routine monitoring of credential-harvesting campaigns targeting enterprise users.


This domain resolves to IP 172.66.47.123 and is registered through Cloudflare, Inc., leveraging Google Trust Services for its SSL certificate. As of the most recent VirusTotal scan, the URL shows 0 detections out of 95 engines, indicating it remains undetected by antivirus vendors. The site is currently unlisted on major blocklists including Google Safe Browsing, OpenPhish, and PhishTank, suggesting it may be newly deployed or employing evasion techniques. Despite its clean reputation, the combination of a DocuSign-impersonating subdomain, Cloudflare Pages hosting, and absence of detections highlights significant risk for unsuspecting users.


To mitigate exposure to this credential phishing campaign, users should avoid interacting with unsolicited document links and verify URLs using PhishDestroy’s real-time scanning tool. Organizations are advised to educate employees on recognizing DocuSign impersonations and implement email filtering rules to block domains with suspicious subdomain patterns. Given the 0/95 detection rate, traditional antivirus solutions may not block this threat, emphasizing the need for dedicated phishing detection tools. If exposed, users should immediately reset their DocuSign password and enable multi-factor authentication to prevent account compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.123

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/089dbd70-76e5-4dc9-93dc-882322760ace
- PhishDestroy: https://phishdestroy.io/domain/lo-ldgrlive-doc.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lo-ldgrlive-doc.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lo-ldgrlive-doc.pages.dev/
Last updated: 2026-03-22