# faqs-bridge-iodocs.pages.dev — SUSPICIOUS

> PhishDestroy identifies faqs-bridge-iodocs.pages.dev as a credential theft domain with 0/95 VirusTotal detections. Avoid submitting login details.

## Summary
PhishDestroy identifies the active domain faqs-bridge-iodocs.pages.dev as a credential theft site under investigation, leveraging a deceptive page layout mimicking official documentation portals to harvest user credentials. The threat actor registered this domain through Cloudflare, Inc., embedding a fraudulent login interface designed to mimic legitimate authentication flows. Analysis suggests this campaign targets users seeking technical documentation, potentially luring victims with false promises of API access or troubleshooting guides. No drainer kit artifacts were detected during initial static inspection, but the presence of a credential harvesting frontend indicates a high-fidelity impersonation toolkit.

Forensic analysis reveals this domain resolves to IP 172.66.45.45 and operates under a Google Trust Services SSL certificate, which may aid in evading browser-based trust indicators. The domain currently shows 0 detections out of 95 VirusTotal engines as of seed 1f0623, indicating low signature coverage despite active abuse. Registered via Cloudflare, the domain’s infrastructure aligns with fast-flux tactics commonly used to delay detection and takedown. While Google Safe Browsing (GSB) status remains unconfirmed from provided data, the absence of blocklist entries suggests delayed propagation in threat intelligence feeds.

This domain remains active at the time of analysis, with no confirmed takedown actions reported. Users are advised to inspect URLs carefully, avoid entering credentials, and report the domain via their browser’s phishing alert system or threat intelligence platforms. Remaining risk is assessed as HIGH due to the credential theft objective and low detection coverage. Security teams should monitor for associated malware delivery or expanded infrastructure usage. Always verify domains via official sources before interaction.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.45.45

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/138a609d-3a94-448e-9084-4bb4e92ea9fb
- PhishDestroy: https://phishdestroy.io/domain/faqs-bridge-iodocs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faqs-bridge-iodocs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/faqs-bridge-iodocs.pages.dev/
Last updated: 2026-03-22