# new-l-ivqe-ledgw.pages.dev — SUSPICIOUS

> new-l-ivqe-ledgw.pages.dev is a crypto drainer phishing domain flagged by 1 of 95 VirusTotal vendors, posing as a legitimate service.

## Summary
PhishDestroy identifies new-l-ivqe-ledgw.pages.dev as an active credential theft domain currently leveraging a crypto drainer scheme to harvest user login credentials. This domain is classified under elevated risk due to its active status and the nature of its phishing campaign. The threat actor behind this infrastructure appears to be targeting unsuspecting users with deceptive landing pages designed to mimic legitimate services and siphon sensitive authentication data.


Resolution data confirms this domain is flagged by 1 of 95 VirusTotal vendors and was registered through Cloudflare, Inc. The domain resolves to IP address 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services. Further investigation reveals this infrastructure is hosted on Cloudflare Pages, which may complicate direct takedown efforts without proper coordination. Current blocklist counts and historical reputation scores indicate minimal prior detection, suggesting this campaign may be newly operational.


Given the active status and the confirmed credential theft threat, PhishDestroy strongly advises immediate defensive action against new-l-ivqe-ledgw.pages.dev. Organizations should update firewall and proxy rules to block both the domain and associated IP address 188.114.97.3. Users who may have interacted with this domain should change credentials immediately and enable multi-factor authentication where possible. Security teams are encouraged to monitor lateral movement and credential abuse in affected environments as this campaign continues to evolve.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/56d071eb-fde2-4012-ae2d-f87d54af4130
- PhishDestroy: https://phishdestroy.io/domain/new-l-ivqe-ledgw.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/new-l-ivqe-ledgw.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/new-l-ivqe-ledgw.pages.dev/
Last updated: 2026-03-22