# eng-ledgeir-faq.pages.dev — SUSPICIOUS > eng-ledgeir-faq.pages.dev is a live fake support scam domain hosted on Cloudflare with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies eng-ledgeir-faq.pages.dev as a generic phishing domain posing as a fake support scam, likely mimicking a legitimate FAQ or help center to deceive users. The domain leverages Cloudflare’s Pages.dev service to host its infrastructure, which is a common tactic among threat actors to obfuscate malicious content behind legitimate cloud hosting providers. No specific drainer kit or brand impersonation has been confirmed at this stage, but the generic nature of the phishing suggests opportunistic credential harvesting or malware delivery. The campaign’s focus on a 'faq' subdomain implies an attempt to appear official, potentially targeting users seeking troubleshooting or customer support. This domain resolves to IP 172.66.47.12 and is registered through Cloudflare, Inc., with a Google Trust Services SSL certificate providing a veneer of legitimacy. VirusTotal currently flags the domain with 0/95 detections, indicating it has not yet been widely recognized by security vendors. The registrar and hosting infrastructure further complicate takedown efforts, as Cloudflare’s services are frequently abused for phishing campaigns due to their speed and ease of deployment. While the domain’s creation date and blocklist status remain unassessed, its active status and lack of detections warrant immediate scrutiny. The absence of detections may reflect either a newly deployed campaign or evasion techniques designed to bypass initial scans. Eng-ledgeir-faq.pages.dev remains active with an 'under_investigation' risk status, meaning further analysis is required to confirm the full scope of its operations. Security researchers are advised to monitor this domain for emerging patterns, such as associated IP addresses or additional subdomains, and to blocklist it proactively in organizational defenses. The remaining risk is moderate due to the domain’s plausible disguise and unflagged status, but its reliance on Cloudflare’s infrastructure may limit the efficacy of takedown requests. Users should exercise caution when encountering pages.dev subdomains, especially those purporting to offer support or FAQ services, and report any suspicious interactions to relevant security teams. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.12 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9cc3f9f6-4d5d-49f4-8a35-11f9df26d617 - PhishDestroy: https://phishdestroy.io/domain/eng-ledgeir-faq.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/eng-ledgeir-faq.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/eng-ledgeir-faq.pages.dev/ Last updated: 2026-03-29