# procedure-help-ledgree.pages.dev — SUSPICIOUS > PhishDestroy identifies procedure-help-ledgree.pages.dev as a new Google Sites phishing page (0/95 VT detections) pushing credential harvester kits. ## Summary PhishDestroy identifies procedure-help-ledgree.pages.dev as an active credential-harvesting phishing domain impersonating Google Sites. The threat type is generic phishing, with no brand or drainer kit attribution currently identified. The domain leverages Cloudflare's privacy service, relying on Google's Trust Services SSL certificate to appear legitimate, while resolving to IP 188.114.96.3. Initial intelligence shows zero detections on VirusTotal out of 95 engines, indicating a recently deployed campaign with low detection rates. This domain was flagged with a VirusTotal score of 0/95 detections, registered through Cloudflare, Inc., resolving to IP 188.114.96.3 under Google Trust Services SSL certification. The domain is served via Google Pages, leveraging the platform's perceived trustworthiness to deceive users. Notably, it remains unlisted on Google Safe Browsing (GSB) and public blocklists as of the latest scan, highlighting a window of opportunity for threat actors to operate undetected. Technical artifacts such as the absence of a drainer kit and the use of Cloudflare's privacy masking suggest an opportunistic campaign targeting users unfamiliar with Google Sites' subdomain structure. As of the latest assessment, procedure-help-ledgree.pages.dev remains active and under investigation, with no mitigation actions applied by hosting providers. The current risk level is classified as 'under_investigation', pending further forensic analysis and potential takedown requests. Users are advised to avoid interaction, block the domain at DNS/network levels, and report instances to PhishDestroy analysts for immediate triage. Remaining risk includes the domain's potential to harvest credentials or distribute malware through embedded forms, compounded by its use of Google's infrastructure to bypass traditional security filters. Immediate user education and proactive blocking are critical to prevent compromise while the domain remains operational. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/procedure-help-ledgree.pages.dev - PhishDestroy: https://phishdestroy.io/domain/procedure-help-ledgree.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/procedure-help-ledgree.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/procedure-help-ledgree.pages.dev/ Last updated: 2026-04-05