# io-bridge-doc-pege.pages.dev — SUSPICIOUS

> io-bridge-doc-pege.pages.dev is an active Google Docs phishing page hosted on Cloudflare (IP 172.66.44.74).

## Summary
PhishDestroy identifies io-bridge-doc-pege.pages.dev as an active phishing site masquerading as a Google Docs document. The domain leverages Cloudflare Pages to host a generic phishing template, likely targeting users with deceptive document-sharing lures. No specific brand impersonation (e.g., Microsoft 365, DocuSign) or drainer kit (e.g., wallet drainers like VenomDrainer) has been confirmed at this stage, but the generic nature suggests opportunistic credential theft or malware delivery. The campaign’s low sophistication implies automated deployment, possibly targeting victims via phishing emails or social engineering.  

Exact technical indicators confirm this domain’s active status and evasive infrastructure. VirusTotal currently flags 0/95 security vendors for malicious activity (as of seed be5b83), indicating a newly emerged or undetected threat. The domain resolves to IP 172.66.44.74, registered through Cloudflare, Inc., with a Google Trust Services SSL certificate—exploiting legitimate providers to bypass security filters. Creation date remains undisclosed via WHOIS, but the Cloudflare Pages origin suggests recent deployment (within days or weeks). Google Safe Browsing (GSB) status is unconfirmed, and no blocklist entries (e.g., PhishTank, OpenPhish) were detected during initial checks. The absence of detections underscores the urgency for proactive blocking.  

This domain remains ACTIVE with no takedown actions recorded as of seed be5b83. Immediate response is critical: organizations should block io-bridge-doc-pege.pages.dev at the DNS/firewall level and alert users to avoid the domain entirely. Remaining risk is HIGH due to the undetected status, Cloudflare’s reputation for abuse, and the potential for rapid propagation via phishing emails. Users are advised to verify URLs via direct navigation (not links), enable multi-factor authentication (MFA) on sensitive accounts, and report suspicious activity to security teams. Further investigation is required to determine the final payload (e.g., credential harvesting, malware) and expand blocklists. Proactive monitoring is essential to prevent escalation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.74

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fd4b9fe8-e20c-445d-b727-25e7a465e264
- PhishDestroy: https://phishdestroy.io/domain/io-bridge-doc-pege.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-bridge-doc-pege.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-bridge-doc-pege.pages.dev/
Last updated: 2026-03-21