# sso-livee-en-ledgr.pages.dev — SUSPICIOUS

> PhishDestroy identifies sso-livee-en-ledgr.pages.dev as a live SSO phishing page targeting enterprise credentials. Check the full report.

## Summary
PhishDestroy has flagged the domain sso-livee-en-ledgr.pages.dev as an active phishing site impersonating a legitimate SSO login portal, designed to harvest enterprise user credentials. This threat is classified as a generic SSO phishing campaign under active investigation, with a current risk level of under_investigation. The domain leverages Cloudflare Pages for hosting, resolving to IP 172.66.47.200, and utilizes a Google Trust Services SSL certificate to appear legitimate. Despite 0 detections on VirusTotal out of 95 scanners, the site remains unlisted on major blocklists, indicating a recently deployed or evolving threat.  

This domain was registered through Cloudflare, Inc. and resolves to IP 172.66.47.200, hosted on Cloudflare Pages. The SSL certificate issued by Google Trust Services adds a veneer of authenticity, while VirusTotal’s 0/95 detection rate suggests it has evaded automated analysis—at least temporarily. Given the use of Cloudflare’s infrastructure and a trusted SSL provider, this phishing site is likely targeting organizations with relaxed domain scrutiny, relying on the reputation of the hosting and certificate authorities to bypass security measures. The absence of detections or blocklist entries further implies this is a fresh or adaptive threat, designed to slip past traditional defenses.  

To mitigate exposure to this SSO phishing campaign, organizations should immediately block the domain sso-livee-en-ledgr.pages.dev and the associated IP 172.66.47.200 at the network perimeter. Users should be warned against entering credentials into any unsolicited SSO login pages, particularly those hosted on cloud services like Cloudflare Pages. Implementing DNS filtering, browser-based anti-phishing extensions, and user awareness training on recognizing cloud-hosted login portals can significantly reduce the risk of credential theft. Given the low detection rate, manual verification of SSL certificates and domain legitimacy is strongly advised for IT teams.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.200

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/sso-livee-en-ledgr.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/sso-livee-en-ledgr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-livee-en-ledgr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-livee-en-ledgr.pages.dev/
Last updated: 2026-04-02