# eng-suittrezr.pages.dev — SUSPICIOUS

> eng-suittrezr.pages.dev is a live Ethereum wallet drainer using fake token approval pages. VirusTotal flags: 1/95 security vendors. Check the full report.

## Summary

PhishDestroy identifies eng-suittrezr.pages.dev as an active Ethereum wallet drainer kit impersonating legitimate token-swap interfaces to trick users into signing malicious transactions. The domain hosts a spoofed interface mimicking popular decentralized exchange (DEX) approval flows, coercing victims into granting unlimited token spending permissions to attacker-controlled smart contracts. No single brand is prominently mimicked; instead, generic DEX styling is used to broaden targeting across multiple DeFi platforms. This strategy maximizes reach across unaware users engaging with token approval UI patterns common in platforms like Uniswap, PancakeSwap, or 1inch.

This domain was flagged by PhishDestroy with a certified generic phishing threat type and an elevated risk rating due to active campaign deployment. According to VirusTotal intelligence (seed: 5a86aa), only 1 out of 95 participating security vendors currently detects this site. The domain is registered through Cloudflare, Inc., resolves to IP 172.66.47.99, and holds a valid SSL certificate issued by Google Trust Services—elements often abused to appear legitimate. Despite a clean record with Google Safe Browsing (GSB status: clean), this domain has not been widely blocklisted yet, presenting a window for exploitation across unsuspecting networks.

As of the latest assessment (seed: 5a86aa), eng-suittrezr.pages.dev remains ACTIVE and operational, actively serving the drainer interface to visitors. Immediate recommended actions include blocking the domain at DNS/network level, scanning local endpoints for unauthorized browser extensions or wallet modifications, and avoiding any “token approval” prompts unless absolutely verified.

Although the current GSB status is clean, this may change rapidly as reporting increases. Remaining risk is elevated—users interacting with this site risk irreversible token drain via malicious approval signatures. Exercise extreme caution and treat this domain as hostile until independent verification confirms removal. Regular monitoring for derivative domains and traffic from Web3-savvy communities is advised.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.99

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d1ebc4ba-9b42-46f9-88bc-dcb8f8760813
- PhishDestroy: https://phishdestroy.io/domain/eng-suittrezr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-suittrezr.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/eng-suittrezr.pages.dev/

Last updated: 2026-03-24