# io-en-ledge.pages.dev — SUSPICIOUS

> PhishDestroy identifies io-en-ledge.pages.dev as an active credential-harvesting domain. Resolves to 188.114.97.3 and flagged by 1/95 VirusTotal scanners.

## Summary

PhishDestroy identifies io-en-ledge.pages.dev as an active credential-harvesting endpoint posing an elevated risk to end users. This Pages.dev subdomain is currently hosting a generic phishing campaign designed to trick visitors into submitting sensitive login credentials under the guise of a legitimate service. The infrastructure—hosted on Cloudflare Pages and resolving to IP 188.114.97.3—is actively resolving and serving malicious content, with indicators pointing to a recent deployment intended for short-lived, high-impact exploitation.

This domain was flagged by 1 out of 95 VirusTotal security vendors, indicating limited but present detection. It was registered through Cloudflare, Inc. via their Pages.dev platform, and is secured with a Google Trust Services SSL certificate. The domain resolves to a single IPv4 address (188.114.97.3), which is associated with dynamic Cloudflare edge infrastructure. While no public blocklist entries were detected at the time of analysis, the combination of low detection rates, active resolution, and phishing payload type elevates the risk profile. The use of Google Trust Services SSL further increases the appearance of legitimacy, potentially deceiving cautious users.

Users are strongly advised to avoid accessing io-en-ledge.pages.dev and to report any encounters to their IT security team or via a trusted threat intelligence platform. Organizations should block the domain at the network perimeter and inspect DNS logs for requests to 188.114.97.3. Since this threat involves credential harvesting, users should change passwords only after confirming the safety of the service and enable multi-factor authentication where possible. Security teams should monitor for related domains or IP reuse and consider blocking the entire Pages.dev subdomain range associated with this campaign. Prompt reporting helps disrupt ongoing phishing operations and protects other potential victims.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/37d33b9d-964e-41df-ab5d-859eaf323c9a
- PhishDestroy: https://phishdestroy.io/domain/io-en-ledge.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-en-ledge.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/io-en-ledge.pages.dev/
Last updated: 2026-03-31