# dwnledg.pages.dev — SUSPICIOUS

> dwnledg.pages.dev hosts a malicious file download phishing scam. Flagged by 0/95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies dwnledg.pages.dev as a confirmed malicious file download phishing domain currently active and under investigation. This domain is not merely a generic phishing site; it specifically hosts a lure designed to trick users into downloading malicious files under false pretenses. The threat is classified as active, with no indication of remediation at this time.  

This domain was flagged by 0 of 95 VirusTotal detection engines as of the latest scan, indicating no current antivirus coverage. It is registered through Cloudflare, Inc., resolving to IP address 172.66.47.28. While the SSL certificate is issued by Google Trust Services—suggesting an attempt to appear legitimate—the absence of VirusTotal detections and the nature of the payload suggest a newly deployed or evasive threat. The domain is part of the Cloudflare Pages platform, which is frequently abused by threat actors to host phishing content rapidly and with minimal overhead.  

Given the confirmed malicious file download objective and current lack of detection, users and organizations are strongly advised to block access to dwnledg.pages.dev at the network perimeter and avoid interaction. Security teams should inspect DNS logs for requests to this domain and search endpoint telemetry for signs of download attempts or subsequent payload execution. All inbound emails referencing file downloads from this domain should be treated as malicious and quarantined. Users who may have visited the site should scan their devices for unauthorized downloads and run a full antivirus scan. This threat is under active monitoring, and updates will be provided as new intelligence emerges.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.28

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dc8092f9-3ff4-4e5b-930e-f850b3041fc9
- PhishDestroy: https://phishdestroy.io/domain/dwnledg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dwnledg.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dwnledg.pages.dev/
Last updated: 2026-04-01