# qe7h-hgxqx-ctpv-5fqp.pages.dev — MALICIOUS

> Explore the safety status of qe7h-hgxqx-ctpv-5fqp.pages.dev, a medium-risk phishing domain now offline. Learn more about its threat profile here.

## Summary
PhishDestroy has identified qe7h-hgxqx-ctpv-5fqp.pages.dev as a domain involved in generic phishing activities, posing a medium risk to users. The domain was flagged due to suspicious behavior indicative of phishing attempts designed to deceive victims and potentially harvest sensitive information.

Technical analysis reveals that the domain was registered on March 9, 2026, via Cloudflare, Inc., and resolved to the IP address 188.114.96.3. It appeared on one security blocklist, and VirusTotal scans indicated that 9 out of 95 security vendors detected it as malicious. The page title observed was "Suspected phishing site | Cloudflare," which aligns with its phishing classification.

Currently, the domain is offline, reducing immediate threats to users. PhishDestroy recommends maintaining vigilance against similar domains and ensuring that endpoint security solutions are updated to detect such threats promptly. Users are advised to avoid interacting with suspicious links and report any phishing attempts to their security teams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-09 01:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ryleigh.ns.cloudflare.com salvador.ns.cloudflare.com
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "DNS8", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Netcraft", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccffc-9bd2-7268-84d9-e0712bf79cfd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a85ca3fa-725b-4c80-97aa-3e1045426772
- Wayback Machine: https://web.archive.org/web/https://qe7h-hgxqx-ctpv-5fqp.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/qe7h-hgxqx-ctpv-5fqp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/qe7h-hgxqx-ctpv-5fqp.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/qe7h-hgxqx-ctpv-5fqp.pages.dev/
Last updated: 2026-03-19