# us-ledgr-io.pages.dev — SUSPICIOUS

> Active phishing domain us-ledgr-io.pages.dev distributing fake Google Docs login pages. VirusTotal shows 0 detections despite hosting on Google Cloud IP 188.114.

## Summary
PhishDestroy identifies active phishing infrastructure linked to domain us-ledgr-io.pages.dev impersonating Google Docs collaboration platforms. This domain is currently serving malicious content designed to harvest user credentials under the guise of document sharing. The campaign remains under investigation while threat actors leverage Google's Trust Services certificates to lend credibility to their infrastructure.  This domain resolves to IP address 188.114.96.3 and was registered through Cloudflare, Inc. Virustotal scanning currently shows 0 detections out of 95 security vendors evaluating the domain, indicating this threat remains largely undetected by conventional security measures. The SSL certificate issued by Google Trust Services provides additional cover for malicious activities, while the domain's association with Cloudflare's infrastructure enables rapid evasion tactics. No historical blocklist entries were identified during initial assessment, though this may change as the investigation progresses.  As of current assessment, this threat remains active and poses significant risk to users who may encounter this domain through phishing emails or malicious links. Organizations should immediately block traffic to 188.114.96.3 at network perimeter and instruct users to avoid accessing any links containing us-ledgr-io.pages.dev. Enhanced monitoring of outbound traffic to this domain is recommended, particularly for any attempts to access document collaboration services from unexpected sources. Users who may have already interacted with this domain should change passwords for affected accounts and enable multi-factor authentication where available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/21cb2cdd-7b80-4215-8246-1d8d67482f6e
- PhishDestroy: https://phishdestroy.io/domain/us-ledgr-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-ledgr-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us-ledgr-io.pages.dev/
Last updated: 2026-03-24