# eng-ladgeir.pages.dev — SUSPICIOUS > eng-ladgeir.pages.dev hosts a credential theft page active since May 2025. VirusTotal shows 0/95 detections as of seed bfcee5. ## Summary PhishDestroy identifies eng-ladgeir.pages.dev as a live credential theft domain actively luring users since May 2025. The site masquerades as a login portal to harvest credentials and session tokens, enabling direct compromise of linked accounts. This domain was flagged for credential theft via brand impersonation against Cloudflare-branded services. VirusTotal analysis on seed bfcee5 reports 0/95 detections for the infrastructure (188.114.96.3), indicating undetected hosting on Cloudflare Pages. Registered directly through Cloudflare, Inc., the site leverages Google Trust Services SSL certificate to appear legitimate while hosting a spoofed login interface. Users who visited eng-ladgeir.pages.dev are advised to immediately rotate passwords on any accounts that may have been entered and enable multi-factor authentication. Revoke any session tokens if credentials were submitted. Report the domain to your security provider and browser blocklists to prevent further exposure. Monitor linked accounts for signs of unauthorized access or data exfiltration. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/eng-ladgeir.pages.dev - PhishDestroy: https://phishdestroy.io/domain/eng-ladgeir.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/eng-ladgeir.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/eng-ladgeir.pages.dev/ Last updated: 2026-04-04