# sso-learn-start-ledgr.pages.dev — SUSPICIOUS

> Beware! The domain sso-learn-start-ledgr.pages.dev is actively impersonating login portals to steal credentials.

## Summary
PhishDestroy identifies a recently active phishing domain, sso-learn-start-ledgr.pages.dev, designed to mimic legitimate single sign-on (SSO) login interfaces for credential theft. This domain leverages a deceptive page name structure to appear authentic, targeting users expecting secure authentication portals. Initial analysis suggests no affiliation with a specific brand or drainer kit, but the domain’s naming convention implies an attempt to exploit trust in SSO systems. The threat type is classified as generic phishing due to its broad targeting nature and lack of association with a known brand or service.


This domain resolves to IP address 172.66.47.198 and is registered through Cloudflare, Inc., leveraging Cloudflare Pages for hosting. VirusTotal currently reports 0/95 detections, indicating it remains undetected by most security vendors as of the latest scan. The domain holds a valid SSL certificate issued by Google Trust Services, which may further enhance its credibility in phishing attempts. While the exact creation date is not provided, the domain’s active status and recent detection suggest it was registered within the past few weeks. Google Safe Browsing (GSB) and other blocklists have not yet flagged this domain, leaving users vulnerable to potential exposure.


The domain is currently marked as active with a risk level of 'under_investigation,' meaning its full capabilities and distribution methods are still being analyzed. PhishDestroy and collaborating threat intelligence teams are actively monitoring this domain to track its infrastructure and identify any associated malicious payloads or campaigns. Users should avoid interacting with this domain and report any encounters to their IT security teams or through official phishing reporting channels. The remaining risk is assessed as moderate, given the domain’s low detection rate and the potential for rapid spread if unchecked. Immediate caution and proactive blocking of the domain and IP address are recommended to mitigate exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.198

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/sso-learn-start-ledgr.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/sso-learn-start-ledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-learn-start-ledgr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-learn-start-ledgr.pages.dev/
Last updated: 2026-04-04