# enu-ledgeir.pages.dev — SUSPICIOUS

> Beware: enu-ledgeir.pages.dev impersonates a login portal to steal credentials. VirusTotal detects 0/95 security tools. Check the full report.

## Summary
PhishDestroy identifies enu-ledgeir.pages.dev as an ACTIVE generic phishing domain masquerading as a login portal, currently under investigation with a risk level of UNDER_INVESTIGATION. The domain leverages Cloudflare's Pages service to host a deceptive interface, likely targeting unsuspecting users with credential theft tactics. Analysis reveals zero detections (0/95) on VirusTotal at the time of writing, indicating evasion from mainstream security tools. It resolves to Cloudflare's IP 188.114.97.3, registered through Cloudflare, Inc., with an SSL certificate issued by Google Trust Services — attributes often exploited to lend false legitimacy to phishing infrastructure.


This domain exhibits high-risk characteristics typical of phishing campaigns. Notably, it has not yet been flagged by major blocklists despite its malicious intent, relying instead on Cloudflare's infrastructure to obscure its origins. The absence of detections (0/95) suggests either a newly deployed campaign or one specifically engineered to bypass automated detection mechanisms. Such tactics are common in credential harvesting operations, where threat actors rapidly spin up domains to exploit trust in reputable services like Cloudflare.


To mitigate exposure to this threat, users should avoid interacting with enu-ledgeir.pages.dev or any unsolicited login portals linked from emails or messages. Organizations should configure email security filters to block domains associated with Cloudflare Pages hosting suspicious content and enforce multi-factor authentication to reduce the impact of credential theft. Network defenders are advised to monitor for connections to IP 188.114.97.3 and inspect SSL certificates issued by Google Trust Services, particularly those tied to recently registered domains. Immediate reporting to threat intelligence platforms can help prevent further propagation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2320dcc4-5d5e-4eba-8d49-54eea0369c1c
- PhishDestroy: https://phishdestroy.io/domain/enu-ledgeir.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/enu-ledgeir.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/enu-ledgeir.pages.dev/
Last updated: 2026-04-12