# entgxckakoa.pages.dev — SUSPICIOUS

> entgxckakoa.pages.dev is a credential-harvesting probe hosted on Cloudflare Pages with 0/95 VirusTotal detections; avoid entering any credentials if encountered

## Summary
PhishDestroy identifies entgxckakoa.pages.dev as a credential-harvesting probe currently under investigation and marked as active. This Cloudflare Pages deployment is not yet widely flagged but poses a direct risk of tricking users into surrendering login details under false pretenses.

This domain resolves to IP 172.66.44.68 and is registered through Cloudflare, Inc. using a Google Trust Services SSL certificate; VirusTotal lists 0/95 detections. While no blocklist hits or additional telemetry are present in current feeds, its pages.dev origin and fresh infrastructure remain cause for concern.

Anyone who encounters entgxckakoa.pages.dev should refrain from entering any credentials or personal information. Report the domain immediately to your security team and avoid clicking any embedded links. Consider configuring DNS filtering rules to block pages.dev subdomains until further IOCs are published.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.68

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/782e91e8-902c-4280-b24b-b0fbdc1520a3
- PhishDestroy: https://phishdestroy.io/domain/entgxckakoa.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/entgxckakoa.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/entgxckakoa.pages.dev/
Last updated: 2026-03-25