# sparrq.pages.dev — SUSPICIOUS

> sparrq.pages.dev lures users with a fake Google Drive login page to harvest credentials. Flagged by 0 of 95 VirusTotal vendors; avoid clicking and report.

## Summary
PhishDestroy identifies sparrq.pages.dev as an active Google Drive credential-harvesting site currently distributing a phishing kit. The domain resolves to 172.66.47.105 and is served over HTTPS with a Google Trust Services certificate, increasing the appearance of legitimacy. The campaign is marked under investigation with seed 89bd0f and is confirmed active as of the latest telemetry.  

This domain was flagged by 0 of 95 VirusTotal vendors at time of assessment and is registered through Cloudflare, Inc. The infrastructure resolves to IPv4 address 172.66.47.105 via Cloudflare’s proxy network. The SSL certificate, issued by Google Trust Services, leverages the company’s trusted brand to obfuscate malicious intent. While creation date and blocklist counts are not publicly disclosed in this dataset, the absence of detections highlights the need for proactive monitoring and user vigilance.  

Current status remains active, with delivery likely occurring via email or social engineering targeting Google Workspace users. Users are advised to avoid clicking links to sparrq.pages.dev and to report any unsolicited login prompts. Organizations should block the domain at the DNS and network levels, inspect proxy logs for outbound connections to 172.66.47.105, and update browser blocklists. Enable multi-factor authentication on Google accounts and conduct user awareness training to mitigate credential theft risk.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.105

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/aceb7eb2-bff4-4b5d-97c2-56218ed4f9b3
- PhishDestroy: https://phishdestroy.io/domain/sparrq.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sparrq.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sparrq.pages.dev/
Last updated: 2026-04-12