# pumps-cjg.pages.dev — SUSPICIOUS

> pumps-cjg.pages.dev hosts an active MFA credential harvesting page flagged by 1/95 VirusTotal engines.

## Summary

PhishDestroy identifies pumps-cjg.pages.dev as an active phishing domain engaged in MFA credential harvesting campaigns. The domain poses an elevated risk due to its current operational status and the specific threat of unauthorized access to multi-factor authentication credentials. Users interacting with this domain risk exposing secondary authentication factors, which could lead to account takeover and lateral movement within compromised systems.

This domain was flagged by 1/95 VirusTotal security vendors, operates under Cloudflare, Inc. as the registrar, and resolves to IP address 188.114.97.3. The SSL certificate is issued by Google Trust Services, which does not inherently validate the domain’s legitimacy. No blocklist entries were detected in this investigation, but the domain’s recent deployment and low detection rate suggest it may evade traditional defenses. The seed identifier 32ae5f confirms the uniqueness of this campaign instance.

To mitigate risks, users should immediately block access to pumps-cjg.pages.dev at network and endpoint levels. Organizations are advised to inspect DNS logs for queries resolving to 188.114.97.3 and update firewall rules to block traffic to this IP. Users who may have entered credentials on this domain should reset all associated passwords, revoke active MFA sessions, and monitor accounts for suspicious activity. Reporting the domain to threat intelligence platforms and CERT teams is critical to prevent further propagation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/bb24c65b-a2b1-49ea-979b-87aaab4bf616
- PhishDestroy: https://phishdestroy.io/domain/pumps-cjg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/pumps-cjg.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pumps-cjg.pages.dev/

Last updated: 2026-03-22