# faqs-download-ldgeer.pages.dev — SUSPICIOUS

> faqs-download-ldgeer.pages.dev poses as 'FAQs' to deliver a crypto drainer kit. VT 0/95 detections as of last scan. Avoid interaction immediately.

## Summary

PhishDestroy identifies faqs-download-ldgeer.pages.dev as an active brand-impersonation domain weaponized with a cryptocurrency drainer kit. The site mimics legitimate software FAQ pages to trick users into connecting wallets and signing malicious transactions. No publicly documented drainer family is yet attributed, but behavioral indicators align with clipboard-modifying and signature-request payloads typically seen in “FAQ stealer” campaigns. The payload infrastructure is hosted on Cloudflare Pages, allowing rapid subdomain rotation while maintaining HTTPS via Google Trust Services certificates.

Technical indicators confirm low endpoint detection and opaque infrastructure: VirusTotal shows 0/95 engines flagging the domain as of the latest scan, the registrar is Cloudflare, Inc., and the resolving IPv4 address is 172.66.47.115. The domain was registered within Cloudflare’s Pages service, so precise creation and expiration dates are not exposed to WHOIS queries. Google Safe Browsing (GSB) has not yet blacklisted the page, and third-party blocklists report zero prior detections. These characteristics suggest a recently deployed campaign operating below traditional radar thresholds.

Current status is active and under investigation. Cloudflare has not yet suspended the Pages worker hosting the drainer kit, and the domain remains resolvable. PhishDestroy recommends immediate network-level blocking of 172.66.47.115 and DNS sinkholing of faqs-download-ldgeer.pages.dev. Users should also revoke any wallet signatures granted to this domain and monitor connected accounts for unauthorized transfers. Remaining risk is moderate due to low VT coverage and absence from GSB; proactive blocking is essential until threat intelligence coverage improves.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.115

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/faqs-download-ldgeer.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/faqs-download-ldgeer.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faqs-download-ldgeer.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/faqs-download-ldgeer.pages.dev/

Last updated: 2026-04-05