# sso-ledgrr-live-en.pages.dev — MALICIOUS

> PhishDestroy identifies sso-ledgrr-live-en.pages.dev as an active credential phishing page mimicking Google Docs SSO, flagged by 11/95 VirusTotal vendors.

## Summary

PhishDestroy identifies sso-ledgrr-live-en.pages.dev as a Google Docs-themed credential phishing domain currently active on Cloudflare Pages. The site masquerades as an enterprise Single Sign-On portal, luring victims into entering corporate credentials under the guise of authentication. No specific drainer kit or brand spoofing component has been extracted from telemetry, but the page’s visual payload closely imitates Google Docs’ SSO interface to maximize deception.

sso-ledgrr-live-en.pages.dev exhibits a VirusTotal detection ratio of 11/95 security vendors as of seed 094ece, indicating limited but concerning coverage by security stacks. The domain is registered through Cloudflare, Inc., resolves to IP address 172.66.45.30, and holds a Google Trust Services SSL certificate, which may confer an unwarranted air of legitimacy. While the exact creation timestamp is not publicly available, its active status and propagation across detection engines suggest recent deployment and ongoing campaign activity. It remains unblocked by Google Safe Browsing (GSB) at time of analysis, increasing exposure across Chrome and related ecosystems.

Current status of the domain is active and propagating via phishing lures distributed through email and messaging platforms. Immediate response actions include updating browser blocklists to include the domain and IP, disabling access via corporate DNS filtering, and adding heuristic rules to detect SSO-themed credential harvesting. Despite these measures, the domain’s use of legitimate Cloudflare and Google infrastructure lowers the barrier for evasion, leaving organizations and individual users at elevated risk. Users are advised to verify any unsolicited SSO links directly with their IT department and enable multi-factor authentication on all critical accounts to mitigate credential theft.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.45.30

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4ec848d5-166a-4f4e-8416-bf5697359e18
- PhishDestroy: https://phishdestroy.io/domain/sso-ledgrr-live-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-ledgrr-live-en.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/sso-ledgrr-live-en.pages.dev/

Last updated: 2026-03-24