# en-us-trzr.pages.dev — SUSPICIOUS

> PhishDestroy analysis reveals tech support scam on en-us-trzr.pages.dev flagged by 1/95 VirusTotal engines. Check the full report for IOCs and mitigation steps.

## Summary
PhishDestroy identifies en-us-trzr.pages.dev as an active tech support scam infrastructure posing as legitimate US-based technical assistance. The domain resolves to IP 172.66.47.165 and leverages Cloudflare’s Pages.dev platform as a front to deliver fraudulent pop-ups claiming 'critical system errors' requiring immediate callback to premium-rate numbers. Users encountering this domain are redirected to spoofed Microsoft or Apple support portals where social engineers attempt to extract payment for non-existent services.

This domain was flagged by just 1 out of 95 VirusTotal security vendors at time of analysis, while Cloudflare Inc. serves as registrar and hosting provider. The Google Trust Services SSL certificate provides a false sense of legitimacy to potential victims. The infrastructure remains active despite minimal detection, highlighting the evasive nature of Pages.dev-hosted phishing campaigns.

If you visited en-us-trzr.pages.dev, immediately close all browser tabs, run a full antivirus scan, and avoid entering any personal or payment details. Report the incident to your IT department or cybersecurity team using the domain and IP 172.66.47.165 as indicators of compromise. Consider changing passwords for critical accounts if credentials were potentially exposed. Monitor financial statements for unauthorized transactions and report any fraud to local authorities.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.165

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d07d8e16-a7c9-4aa7-8b98-96fb00be6170
- PhishDestroy: https://phishdestroy.io/domain/en-us-trzr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-trzr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-us-trzr.pages.dev/
Last updated: 2026-04-01