# faq---live-download.pages.dev — SUSPICIOUS

> faq---live-download.pages.dev is a LIVE credential-stealing phishing page detected on VirusTotal 0/95 times. Users should NEVER enter credentials here.

## Summary

PhishDestroy identifies faq---live-download.pages.dev as an active credential-theft phishing domain currently under investigation. The site masquerades as a legitimate download portal to harvest user login details, posing immediate risk to personal and corporate accounts.

This domain was flagged with 0 detections out of 95 VirusTotal engines, resolves to IP 172.66.44.182, and is served via Cloudflare with a Google Trust Services SSL certificate. The .pages.dev namespace is a known Cloudflare Pages platform, complicating traditional takedowns due to Cloudflare’s infrastructure.

Users must avoid entering any credentials on this domain. Organizations should block 172.66.44.182 at the firewall, append the domain to blocklists, and warn employees via security awareness training. Report this domain to Cloudflare Abuse and Google Safe Browsing to expedite delisting. Monitor network traffic for outbound connections to this IP to detect compromised devices early.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.182

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/faq---live-download.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/faq---live-download.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faq---live-download.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/faq---live-download.pages.dev/

Last updated: 2026-04-05