# fau-gg.pages.dev — SUSPICIOUS

> fau-gg.pages.dev is a confirmed crypto drainer impersonating Fau (FaucetPay). Only 1/95 VirusTotal scanners detect this threat.

## Summary
PhishDestroy identifies fau-gg.pages.dev as an active crypto drainer domain posing as Fau (FaucetPay) services. This elevated-risk threat leverages brand impersonation to trick users into connecting crypto wallets and draining funds. Security vendors widely overlook this domain, with only 1 out of 95 VirusTotal scanners flagging it as malicious. The domain resolves to IP 172.66.44.124, hosted via Cloudflare Pages and secured with a Google Trust Services SSL certificate. Despite Cloudflare’s infrastructure, the domain remains undetected by most automated systems, highlighting gaps in generic phishing detection for crypto-related impersonations.


This domain was flagged by PhishDestroy’s seed e8ae0f, with critical intelligence confirming its crypto drainer nature. Key indicators include registration through Cloudflare, Inc., a Google Trust Services SSL certificate, and a low VirusTotal detection ratio of 1/95. The IP 172.66.44.124 hosts the fraudulent Fau impersonation, exploiting Fau’s reputation in the cryptocurrency faucet ecosystem. No known blocklists currently list this domain, compounding the risk for unsuspecting users. The SSL certificate, while legitimate, is misused by threat actors to add false legitimacy to their crypto drainer scams.


To mitigate exposure to fau-gg.pages.dev, users should avoid interacting with any links or websites claiming to be Fau (FaucetPay). Never connect crypto wallets to unverified domains, especially those hosted on Cloudflare Pages or using Google SSL certificates in non-official contexts. Report this domain to security platforms like PhishDestroy, VirusTotal, and browser blocklists to improve collective defense. If funds were connected to this site, revoke wallet permissions immediately and monitor transactions for suspicious activity. Proactive reporting helps prevent further victimization as this crypto drainer evolves undetected.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.124

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/42cb6700-29c7-4e57-8265-f72d2e4b8464
- PhishDestroy: https://phishdestroy.io/domain/fau-gg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/fau-gg.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fau-gg.pages.dev/
Last updated: 2026-03-28