# ch-sun-io.pages.dev — SUSPICIOUS

> site ch-sun-io.pages.dev is a live crypto drainer with 0/95 VirusTotal detections. Block it now to protect digital assets.

## Summary
PhishDestroy identifies ch-sun-io.pages.dev as an active crypto-draining phishing site under investigation for credential theft and fund misappropriation. Hosted on Cloudflare Pages with a Google Trust Services SSL certificate, the domain resolves to IP 188.114.96.3 and currently shows zero VirusTotal detections out of 95 engines. Registrant details remain opaque, indicating a hastily spun-up infrastructure aimed at evading early detection.

This domain was flagged specifically because it impersonates a legitimate cloud front-end to siphon private wallet keys and seed phrases under the guise of “sun.io” services. Evidence points to a brand-impersonation attack leveraging Cloudflare’s Pages platform to deliver malicious JavaScript payloads that silently approve token-transfer approvals. The complete lack of virus signatures suggests the campaign is still in its early, undetected phase.

If you visited ch-sun-io.pages.dev or entered any credentials, immediately revoke wallet approvals via tools like revoke.cash or your wallet’s built-in approval manager. Transfer remaining assets to a newly generated wallet, enable hardware wallet signing, and run a malware scan on all devices. Report the domain to your antivirus vendor and file an incident with local cybercrime units using the seed a3cf64 for cross-agency tracking.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b1b9eaf9-da1d-4170-b5a8-f285a38f7d51
- PhishDestroy: https://phishdestroy.io/domain/ch-sun-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ch-sun-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ch-sun-io.pages.dev/
Last updated: 2026-04-13