https://iekompiler.pages.dev/
172.66.47.109 · Cloudflare, Inc.
Toronto, Canada
2108 days
200 · 23.7s
Valid· WE1, Google Trust Services, US
COMPLETED
Domain Intelligence: pages.dev
Scanned 2 times since Feb 16, 2026, 02:19 PM UTC
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Compiler (iekompiler.pages.dev)
Vendors
29/31
Status
partial
Registered-domain escalation
Submit pages.dev as the primary IOC, enriched with evidence from hostile subdomains like iekompiler.pages.dev.
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The site appears to be a web-based IDE named 'Compiler' with branding consistent in the page title and UI (sidebar icons, header, and file explorer). The scanner data shows a dynamic SPA with multiple JavaScript bundles (editor.js, compiler.js, metamask.js, etc.), no static login forms in the initial HTML, and potential credential collection in SPA form rendering. The page content and assets suggest a developer-oriented tool rather than an explicit impersonation of a well-known brand. However, the screenshot indicates a fake or misused branding surface that could be mistaken for a legitimate tool, but there is no clear evidence of credential harvesting or direct impersonation of a widely known brand in the provided data. Given the evidence, the scenario leans toward potential abuse surface (custom web IDE) rather than definitive credential phishing against a third-party brand.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: Yes
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 37
Hosts: 2
Domains: 2
No suspicious indicators identified
The scan indicates a SPA-based web IDE branded as 'Compiler' hosted at iekompiler.pages.dev. There is no evidence in static HTML of a login form or credential collection, but the presence of numerous external scripts (including metamask.js and web3) suggests potential Web3-related functionality that could be misused for credential or key exposure if a malicious payload is present in the bundles. The domain is a Pages.dev subdomain under Cloudflare infrastructure, with a new SSL certificate. The combination of SPA architecture, dynamic UI, and blockchain-related scripts warrants caution and monitoring for credential harvesting or malware delivery in runtime, especially if deceptive branding is used to mimic legitimate developer tooling. Recommend monitoring and further investigation into the runtime behavior and network endpoints to ensure no exfiltration of sensitive data occurs.
Monitor