# ayoola.pages.dev — SUSPICIOUS

> PhishDestroy identifies ayoola.pages.dev as a credential-harvesting phishing site hosted on 172.66.47.166. Check the full report for IOCs and TTPs.

## Summary
PhishDestroy has flagged ayoola.pages.dev for active credential-harvesting phishing attacks masquerading as legitimate login portals. The domain, registered via Cloudflare, leverages Google’s Trust Services SSL certificate (issued by GTS CA 1C3) to lend false legitimacy to its malicious infrastructure. Currently under investigation, this domain remains unresolved by public blocklists, showing zero detections on VirusTotal (0/95 engines). 

Technical indicators confirm its malicious intent: the site resolves to IP 172.66.47.166 (ASN 13335, Cloudflare), employs a Google-validated SSL certificate, and is hosted on Cloudflare Pages—a service frequently abused for phishing due to its free tier and rapid deployment capabilities. Despite Cloudflare’s protections, the domain’s recent activation and lack of detections highlight its stealthy nature. No historical blocklist entries exist for this domain, and its age remains undetermined given its dynamic Cloudflare-hosted infrastructure. 

Mitigation requires immediate action: block traffic to the domain at the firewall and DNS level, flag the associated IP (172.66.47.166) as malicious, and revoke trust in any Google Trust Services certificates tied to *.pages.dev subdomains. Users should treat emails or messages linking to ayoola.pages.dev as high-risk phishing attempts, avoiding credential input entirely. Organizations are advised to update proxy and email filter rules to quarantine or block this domain dynamically. Further IOCs and TTPs are available in the full threat report for integration into security tooling.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.166

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c9357a8e-57e1-4b88-b8dd-9186685e75af
- PhishDestroy: https://phishdestroy.io/domain/ayoola.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ayoola.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ayoola.pages.dev/
Last updated: 2026-03-24