# new-09e-recover.pages.dev — SUSPICIOUS > Domain new-09e-recover.pages.dev is a crypto drainer phishing site flagged by 1 of 95 VirusTotal vendors. Resolves to IP 188.114.97.3. ## Summary PhishDestroy identifies the active crypto drainer phishing domain new-09e-recover.pages.dev as a current threat vector targeting cryptocurrency users. This domain is currently classified under the 'generic_phishing' threat type with an elevated risk level, indicating active malicious campaigns designed to deceive victims into connecting wallets or transferring funds under false pretenses. The infrastructure leverages Cloudflare Pages, a legitimate hosting service, to obscure malicious intent while maintaining operational availability. This domain was flagged by 1 of 95 VirusTotal vendors, indicating limited but confirmed malicious detection. It is registered through Cloudflare, Inc., resolves to IP 188.114.97.3, and holds a Google Trust Services SSL certificate, which may lend an air of legitimacy to unsuspecting users. While the domain's creation date is not specified in available data, its active status and detectable malicious payloads suggest recent deployment. The single VirusTotal detection ratio and absence of additional blocklist data imply a stealthy or newly emerged threat, though its operational presence is confirmed. The domain's Cloudflare Pages hosting and Google Trust Services certificate indicate an attempt to blend into legitimate web infrastructure. Current status confirms the domain remains active and poses an elevated risk to cryptocurrency users. Technical indicators include the use of a Pages.dev subdomain, which may be leveraged for rapid deployment and evasion of traditional takedown mechanisms. The low VirusTotal detection rate suggests the payload may employ obfuscation or novel evasion techniques to bypass automated scanning. Security researchers and users are advised to block this domain at the network level and avoid any interaction with links or content associated with it. Additionally, users should verify URLs prior to wallet connections and report any observed malicious activity to threat intelligence platforms to aid in broader detection and mitigation efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a55e49cd-8fd8-4220-b715-a6ecf73b90f6 - PhishDestroy: https://phishdestroy.io/domain/new-09e-recover.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/new-09e-recover.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/new-09e-recover.pages.dev/ Last updated: 2026-04-12