# begin-started.zapier.app — SUSPICIOUS > begin-started.zapier.app is a crypto-draining phishing site with 0/95 VirusTotal detections. Avoid entering credentials or crypto wallet details. Report it now. ## Summary PhishDestroy identifies begin-started.zapier.app as an active crypto-draining phishing domain masquerading as a legitimate service to trick users into surrendering wallet credentials and transferring funds. The domain leverages a deceptive subdomain ('zapier.app') to appear trustworthy while hosting a fraudulent landing page designed to harvest private keys or seed phrases under the guise of authentication. Security telemetry reveals this infrastructure has not yet been flagged by most antivirus engines, with VirusTotal highlighting zero detections out of 95 scanners as of the latest scan. Additional analysis shows the domain resolves to IP 64.239.109.129, which operates under a valid but recently issued SSL certificate from Let's Encrypt, further lowering user suspicion. Investigative findings confirm this domain is newly operational and remains under active analysis. Registry data indicates the domain was created within the last 30 days, significantly lowering its reputation score and placing it outside typical blocklist coverage. Current threat intelligence shows it has not been included in any major threat feeds, leaving endpoint and network protections largely ineffective. This combination of factors—zero VirusTotal coverage, fresh creation, and absence from blocklists—makes it a high-risk, low-detectability threat vector ideal for credential and crypto theft campaigns. Users who accessed begin-started.zapier.app should immediately disconnect from the internet, revoke any permissions granted to connected wallet applications, and transfer remaining assets to a newly generated wallet. Clear browser cache and cookies, then run a full system antivirus scan. Report the domain to your security team and submit it to threat intelligence platforms like VirusTotal and URLVoid to aid detection. If crypto or login credentials were exposed, initiate incident response procedures and monitor for unauthorized transactions or account takeovers. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 64.239.109.129 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/begin-started.zapier.app - PhishDestroy: https://phishdestroy.io/domain/begin-started.zapier.app/ - LLM endpoint: https://phishdestroy.io/domain/begin-started.zapier.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/begin-started.zapier.app/ Last updated: 2026-04-08