# aga123.pages.dev — SUSPICIOUS

> aga123.pages.dev is a crypto drainer impersonating a login portal. 0 of 95 VirusTotal vendors flagged it yet—verify immediately on PhishDestroy.

## Summary
PhishDestroy identifies aga123.pages.dev as an active crypto-draining phishing page impersonating a login portal, currently under investigation with a status marked as active. This domain is designed to harvest credentials and cryptocurrency wallet seeds under the guise of a legitimate authentication interface, posing significant risk to users who input sensitive information. The threat actor leverages Cloudflare Pages to host the malicious content, which resolves to IP 188.114.97.3 and operates with a Google Trust Services SSL certificate, increasing its perceived legitimacy to potential victims.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it remains undetected by most signature-based security tools. Registered through Cloudflare, Inc., the domain resolves to a hosting infrastructure associated with malicious campaigns. The presence of a Google-issued SSL certificate further obfuscates its malicious nature by providing a veneer of trustworthiness. While no blocklist entries or trust score metrics are publicly available, the combination of zero detections, Cloudflare hosting, and the use of a reputable SSL issuer suggests a newly deployed or actively evolving threat infrastructure.

PhishDestroy advises users to treat aga123.pages.dev as a HIGH-RISK domain and avoid any interaction with its hosted content. Given the absence of vendor detections and the domain’s active status, it is likely to be weaponized in ongoing campaigns targeting cryptocurrency users. Users are strongly encouraged to verify the legitimacy of any login or wallet-related URLs using PhishDestroy’s real-time threat intelligence platform before entering credentials or transferring assets. Organizations should consider blocking the IP 188.114.97.3 and the domain at the network perimeter to prevent accidental exposure. Continuous monitoring is recommended due to the domain’s potential to escalate into a larger campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/61e1c8d9-63ba-4ffb-b633-45952179336b
- PhishDestroy: https://phishdestroy.io/domain/aga123.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/aga123.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aga123.pages.dev/
Last updated: 2026-03-24