# ezsync.pages.dev — SUSPICIOUS

> ezsync.pages.dev is a crypto drainer posing as a sync tool, with 0/95 VirusTotal detections. Verify safety on PhishDestroy before clicking any links.

## Summary

PhishDestroy identifies ezsync.pages.dev as a suspected crypto drainer impersonating a legitimate file synchronization service. This domain leverages Cloudflare’s Pages.dev platform to host malicious content while disguising its true intent behind a plausible service name. The site’s infrastructure (IP 172.66.44.163) is hosted on Cloudflare’s network, a tactic commonly abused by threat actors to evade detection and prolong operational uptime. While the domain is currently under investigation, its choice of a generic but relevant name ('ezsync') suggests an attempt to trick users searching for synchronization tools into trusting the malicious payload. The absence of SSL certificate warnings (issued by Google Trust Services) may further lull victims into a false sense of security, despite the domain’s malicious nature.

This domain was flagged with 0 detections out of 95 VirusTotal scans as of the latest analysis, indicating it has not yet been widely recognized by antivirus engines. The domain is registered through Cloudflare, Inc., a common registrar choice for malicious actors due to its privacy protections and rapid domain lifecycle management. At the time of investigation, the domain resolves to IP address 172.66.44.163, which is part of Cloudflare’s infrastructure, further complicating direct takedown efforts. The lack of detection flags presents a significant risk to users, as traditional security tools may fail to intercept access to the page. PhishDestroy’s analysis places this domain under active investigation, with the threat type classified as a generic phishing campaign likely designed to deploy crypto drainers or harvest credentials from unsuspecting victims.


If you have visited ezsync.pages.dev, PhishDestroy recommends taking immediate action to secure your accounts and devices. Disconnect from the internet if you entered any sensitive information (e.g., wallet addresses, private keys, or login credentials) and scan your device for malware using reputable antivirus software. Revoke any permissions granted to the domain or related services, and monitor your cryptocurrency wallets or financial accounts for unauthorized transactions. Report the domain to PhishDestroy and relevant authorities (e.g., your country’s cybercrime unit) to aid in further investigation. Avoid interacting with the domain further, as its current status under investigation means additional malicious payloads or tactics may emerge. Always verify the legitimacy of file-sharing or synchronization tools by cross-referencing official websites and user reviews before use.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.163

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/49d5cdbf-dbbb-4f3a-ae50-ec4711be166b
- PhishDestroy: https://phishdestroy.io/domain/ezsync.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ezsync.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ezsync.pages.dev/

Last updated: 2026-03-24