# sso-learn-start-ledzr.pages.dev — SUSPICIOUS > sso-learn-start-ledzr.pages.dev is a crypto drainer impersonating SSO login pages. Verify this domain on PhishDestroy. 0/95 VirusTotal detections ## Summary PhishDestroy identifies sso-learn-start-ledzr.pages.dev as an active crypto drainer campaign posing as a legitimate SSO login portal. This domain leverages social engineering to deceive users into connecting cryptocurrency wallets under the guise of authentication or credential verification. The threat actor behind this campaign employs a technique known as 'crypto drainer,' where victims unknowingly authorize malicious transactions upon entering their wallet credentials or granting approvals. Given the domain's recent activation and the absence of detections on major threat intelligence platforms, users interacting with this link are at immediate risk of financial loss. This domain was flagged through PhishDestroy’s threat intelligence pipeline on seed 1ba60f. The infrastructure is hosted via Cloudflare Pages, registered through Cloudflare, Inc., and resolves to IP 188.114.96.3. The SSL certificate is issued by Google Trust Services, which may be leveraged to appear legitimate. VirusTotal currently shows 0 detections out of 95 engines, indicating that mainstream security tools have not yet flagged the domain. No known entries exist on public blocklists such as Google Safe Browsing, PhishTank, or OpenPhish at the time of analysis. The domain was created recently, contributing to its low detection footprint. Technical indicators include the use of a Pages.dev subdomain, a common tactic among phishing actors to rapidly deploy malicious content under trusted cloud providers. Immediate mitigation is required. Users who have accessed this domain should revoke any wallet approvals via blockchain explorers such as Etherscan or Solscan, and transfer remaining funds to a clean wallet. Never enter wallet credentials or connect wallets on untrusted sites. Verify domain authenticity by cross-referencing official SSO portals through secure, bookmarked links. Report this domain to PhishDestroy and local CERT teams to support takedown efforts. Block the IP 188.114.96.3 at the network perimeter if applicable. Always inspect URLs for deviations in spelling or subdomain structure before interaction. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/sso-learn-start-ledzr.pages.dev - PhishDestroy: https://phishdestroy.io/domain/sso-learn-start-ledzr.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/sso-learn-start-ledzr.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/sso-learn-start-ledzr.pages.dev/ Last updated: 2026-04-06