# cewl.pages.dev — SUSPICIOUS

> cewl.pages.dev is flagged for phishing attempts. Avoid interaction and report suspicious links to stay safe online.

## Summary
PhishDestroy identifies cewl.pages.dev as a medium-risk phishing domain primarily engaged in generic social engineering attacks. The domain is classified under 'generic_phishing' with Google Safe Browsing flagging it as 'SOCIAL_ENGINEERING,' indicating attempts to deceive users into revealing sensitive information. The page title observed was 'Suspected phishing site | Cloudflare,' reflecting its suspicious nature.

Technically, the domain resolves to IP address 188.114.97.3 and was registered through Cloudflare, Inc. Its creation date is noted as March 04, 2026, which is in the near future and likely an error or placeholder date in records. The domain appears on two security blocklists and is flagged by 3 out of 95 security vendors on VirusTotal, supporting the medium-risk classification. The infrastructure is associated with Cloudflare’s hosting services, which are often abused by threat actors for phishing setups due to ease of deployment.

As of now, cewl.pages.dev is offline, and the phishing page has been taken down, limiting immediate risk to users. Despite its current offline status, users should remain vigilant for potential future reuse or similar domains mimicking the same tactics. PhishDestroy recommends avoiding any interaction with this domain and reporting suspicious emails or links referencing it to maintain cybersecurity hygiene.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-04 23:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: aarav.ns.cloudflare.com princess.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Google Safebrowsing", "Lionic", "Phishing Database"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cbaea-f45d-714e-a67d-6729e58c2922.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/cewl.pages.dev
- Wayback Machine: https://web.archive.org/web/https://cewl.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/cewl.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/cewl.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cewl.pages.dev/
Last updated: 2026-03-19