# get-trzr-io-strt-us.pages.dev — SUSPICIOUS

> PhishDestroy identifies get-trzr-io-strt-us.pages.dev as a cryptocurrency drainer phishing site. It currently shows 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies get-trzr-io-strt-us.pages.dev as an active cryptocurrency drainer phishing domain under investigation for mimicking legitimate cryptocurrency service interfaces. This domain leverages a Pages.dev subdomain under Cloudflare’s infrastructure to host a fraudulent landing page designed to trick victims into connecting crypto wallets and authorizing malicious transactions. The threat actor has deployed a drainer kit that prompts users to sign transactions enabling fund extraction from connected wallets.

Technical indicators confirm this domain’s malicious intent. It resolves to IP 172.66.47.26 and is registered through Cloudflare, Inc. with a Google Trust Services SSL certificate. As of the latest scan, VirusTotal shows 0 detections out of 95 engines (VirusTotal link ID: a9dfb8), indicating it remains undetected by traditional antivirus platforms. The domain was registered recently and currently has no listings in Google Safe Browsing (GSB) or other major blocklists, enabling continued operation.

This domain is currently active and poses an imminent risk to cryptocurrency users. Criminals are actively using Pages.dev to obfuscate infrastructure and evade detection. Until detection rates improve and blocklists are updated, users remain vulnerable. PhishDestroy recommends immediate blocking at DNS and network levels and advises cryptocurrency users to verify domains via official channels before connecting wallets or entering credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.26

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c15fdcbb-cca5-46ec-bbaa-bc2e894560e2
- PhishDestroy: https://phishdestroy.io/domain/get-trzr-io-strt-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/get-trzr-io-strt-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-trzr-io-strt-us.pages.dev/
Last updated: 2026-03-24