# faq-walietterzr-eng.pages.dev — SUSPICIOUS

> faq-walietterzr-eng.pages.dev hosts an active crypto drainer phishing site flagged by only 2/95 VirusTotal vendors—verify URLs before wallet login.

## Summary

This domain, faq-walietterzr-eng.pages.dev, is an active cryptocurrency drainer phishing site designed to deceive users into connecting malicious wallet extensions or entering credentials. Instead of providing legitimate FAQ resources, the page loads scripts that monitor clipboard activity for crypto wallet addresses, silently replacing them with attacker-controlled addresses to divert funds. Past incidents indicate these campaigns often use urgency-driven lures, such as fake support channels or account alerts, to pressure victims into acting without scrutiny.

PhishDestroy identifies this site as elevated-risk, with confirmed intelligence showing it was flagged by only 2 out of 95 security vendors on VirusTotal as of analysis. The domain is hosted on IP 188.114.97.3, uses a Google Trust Services SSL certificate for credibility masking, and was registered through Cloudflare—common tactics to appear legitimate. Such low detection rates at initial observation often indicate newly registered infrastructure leveraging legitimate registrars and CDNs to evade early detection.

If you visited this site, do not connect your wallet or enter any credentials. Disconnect from the site immediately, clear browser cache, and scan your system for malicious browser extensions—especially those impersonating crypto wallets. Use a separate browser profile or device if you attempted a transaction. Report the domain to your wallet provider and security team if you entered sensitive information. Avoid visiting shortened or unfamiliar URLs claiming to offer crypto support.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4f0e61f7-496e-48c8-96fe-2ce2923fc0af
- PhishDestroy: https://phishdestroy.io/domain/faq-walietterzr-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faq-walietterzr-eng.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/faq-walietterzr-eng.pages.dev/

Last updated: 2026-03-22