# io-ledegr-started.pages.dev — SUSPICIOUS

> Phishing investigation reveals Microsoft 365 credential harvesting on io-ledegr-started.pages.dev. Flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies an active phishing campaign targeting Microsoft 365 users via the domain io-ledegr-started.pages.dev. The domain is currently classified as a credential harvesting threat, with a status marked as active. Initial analysis suggests this infrastructure is being used to deceive victims into submitting login credentials under the guise of legitimate Microsoft services.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it remains undetected by most antivirus engines. The domain resolves to IP address 188.114.96.3, registered through Cloudflare, Inc., and utilizes a Google Trust Services SSL certificate. The infrastructure's trust scores and detection evasion capabilities remain under review, but the lack of vendor detections suggests a sophisticated attempt to bypass traditional security measures.


While the investigation is ongoing, immediate action is recommended to mitigate risks. Organizations and users should block traffic to io-ledegr-started.pages.dev at the network level and avoid accessing the domain. Additionally, verify and enforce multi-factor authentication (MFA) policies for Microsoft 365 accounts to reduce the impact of potential credential theft. Users who may have interacted with this domain should reset their passwords immediately and monitor for suspicious account activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bb6c5767-c16d-4f07-b607-d1bcb8e7d943
- PhishDestroy: https://phishdestroy.io/domain/io-ledegr-started.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-ledegr-started.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-ledegr-started.pages.dev/
Last updated: 2026-04-12