# en-start-trezaor.pages.dev — SUSPICIOUS

> en-start-trezaor.pages.dev is a cryptocurrency wallet drainer site hosted on Cloudflare Pages. It resolves to IP 188.114.97.

## Summary
PhishDestroy identifies en-start-trezaor.pages.dev as an active cryptocurrency wallet scam leveraging a Cloudflare Pages hosting platform to impersonate legitimate wallet services. The domain masquerades as a Trezor wallet interface, employing a generic phishing threat type aimed at harvesting seed phrases and private keys from unsuspecting victims. No specific drainer kit has been identified at this stage, but its design closely mimics legitimate cryptocurrency wallet login interfaces, indicating a high-fidelity social engineering attempt targeting digital asset holders. The threat is presently classified as under investigation while behavioral and technical analysis continues.  

This domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., utilizing Cloudflare Pages for hosting. The SSL certificate is issued by Google Trust Services, which contributes to its stealth profile. As of the latest scan, VirusTotal detection stands at 0 out of 95 engines, indicating no current signature-based detection. The domain has not been flagged by Google Safe Browsing (GSB) at this time and has zero entries on public threat intelligence blocklists. These factors collectively enhance its evasiveness against automated detection mechanisms.  

The campaign is currently active, with the drainer site operational and accessible. Immediate mitigation is advised: users should block all traffic to en-start-trezaor.pages.dev and report the domain to security teams or blocklist operators. While the current risk remains elevated due to the lack of widespread detection, the absence of prior flagging suggests potential for rapid expansion. Remaining risk is considered moderate, contingent on the threat actor’s operational tempo and obfuscation tactics. Continuous monitoring and proactive blocking are strongly recommended to prevent user compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eb27abe6-3b2d-4148-9d8b-f551ea2b53dd
- PhishDestroy: https://phishdestroy.io/domain/en-start-trezaor.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-start-trezaor.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-start-trezaor.pages.dev/
Last updated: 2026-04-13