# eng-suitstrezr.pages.dev — SUSPICIOUS

> eng-suitstrezr.pages.dev is a crypto drainer phishing site flagged by 0 of 95 VirusTotal vendors. Cloudflare-hosted domain impersonating legitimate services.

## Summary
PhishDestroy identifies eng-suitstrezr.pages.dev as an active crypto drainer campaign currently under investigation. The domain is delivering malicious payloads designed to exfiltrate cryptocurrency wallet credentials and drain digital assets upon user interaction. This fraudulent infrastructure has been observed in live phishing operations targeting users through deceptive links distributed via social media and messaging platforms. The campaign remains active as of the latest intelligence cycle with threat actors continuing to refine evasion techniques.


This domain resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., leveraging the company’s Pages platform to host malicious content while obscuring the true origin. The SSL certificate is issued by Google Trust Services, providing a false sense of legitimacy to potential victims. As of the most recent VirusTotal scan, the domain has received 0 detections out of 95 security vendor assessments, indicating that signature-based detection mechanisms have not yet flagged this threat. The domain was created within the last 30 days and currently shows no presence on major blocklists including PhishTank, OpenPhish, or URLVoid. Trust scores for the associated infrastructure remain neutral due to the recent appearance and lack of historical data.


The current operational status of eng-suitstrezr.pages.dev represents a medium-to-high risk to cryptocurrency users due to its specialized functionality in digital asset theft. Given the absence of detection coverage and the domain’s use of legitimate cloud infrastructure, the threat level may escalate rapidly as the campaign expands. Users are strongly advised to avoid visiting this domain entirely and should report any encountered links to their security teams or relevant threat intelligence platforms. Organizations are recommended to implement DNS filtering rules to block access to this domain and similar Cloudflare Pages-hosted infrastructure known to be associated with cryptocurrency drainer operations. Immediate investigation of network logs for connections to 188.114.96.3 is advised to identify potential compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8cf3008b-08b5-4b46-bd6d-a2c70d70510e
- PhishDestroy: https://phishdestroy.io/domain/eng-suitstrezr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-suitstrezr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng-suitstrezr.pages.dev/
Last updated: 2026-03-23