# eng--ledgeir.pages.dev — SUSPICIOUS

> Is eng--ledgeir.pages.dev safe? This Google Trust Services-hosted domain (0/95 scanners flagged on VirusTotal) appears to be a malicious credential harvesting.

## Summary
PhishDestroy identifies eng--ledgeir.pages.dev as an active credential harvesting domain engaged in a generic phishing campaign. This subdomain, registered through Cloudflare and resolving to IP 172.66.44.182, is currently under investigation for mimicking legitimate login portals to deceive users into surrendering sensitive credentials. The threat actor leverages Google Trust Services SSL certificates to enhance credibility, a tactic often used to bypass initial suspicion. Despite 0 detections on VirusTotal, the domain’s age and infrastructure suggest an evolving threat that requires immediate scrutiny.  This domain was flagged with 0/95 VirusTotal detections as of the latest analysis, indicating it has evaded mainstream detection engines. Registered through Cloudflare, Inc., it resolves to IP 172.66.44.182, a known Cloudflare IP range often abused for phishing due to its legitimate appearance. The use of Google Trust Services SSL certificates further masks malicious intent, as these certificates are typically associated with reputable domains. While the exact creation date is unverified, the combination of low detection rates and suspicious infrastructure points to a recently deployed threat designed to harvest login credentials under false pretenses.  Users who have visited eng--ledgeir.pages.dev should immediately change any passwords entered on the site, as credentials may have been compromised. Enable multi-factor authentication on all associated accounts and scan devices for malware or unauthorized access. Report the domain to your organization’s security team or to platforms like Google Safe Browsing to aid in its takedown. Avoid interacting with the domain entirely—it poses a high risk of credential theft and potential follow-on attacks such as account takeovers or financial fraud. Stay vigilant and prioritize validating URLs before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.182

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/84e93a32-f316-4fe9-b831-482f18a5d277
- PhishDestroy: https://phishdestroy.io/domain/eng--ledgeir.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng--ledgeir.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng--ledgeir.pages.dev/
Last updated: 2026-03-22