# get-trzur-x-suite.pages.dev — SUSPICIOUS

> Domain get-trzur-x-suite.pages.dev is a confirmed crypto drainer scam, flagged by 1 of 95 VirusTotal vendors. Do not interact with this site.

## Summary
PhishDestroy identifies get-trzur-x-suite.pages.dev as an active crypto drainer scam with an elevated risk level. This domain is currently operational and distributing malicious payloads designed to siphon cryptocurrency assets from unsuspecting users. The threat involves the unauthorized transfer of digital assets via deceptive smart contract interactions or wallet-draining scripts embedded in the fraudulent interface.


This domain was flagged by 1 of 95 VirusTotal vendors, registered through Cloudflare, Inc., and resolves to IP 172.66.47.105. The SSL certificate is issued by Google Trust Services, indicating a false sense of legitimacy. While the exact creation date is unverified, the domain exhibits recent malicious behavior consistent with crypto drainer campaigns. Current blocklist counts remain low but are expected to rise as additional threat intelligence emerges. The domain’s infrastructure aligns with known patterns of short-lived, malicious Cloudflare Pages deployments used to evade detection.


The domain remains active and poses an immediate threat to cryptocurrency users. PhishDestroy recommends blocking 172.66.47.105 at the network perimeter and blacklisting the domain across all security controls. Users should avoid any interaction with this site and verify all cryptocurrency-related URLs through official sources. Organizations are advised to monitor for outbound connections to this IP and inspect DNS queries for similar domains. Immediate remediation includes updating threat intelligence feeds and conducting endpoint scans for wallet-draining malware.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.105

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fd3f150a-3f71-4ae8-8942-fb1aa9cab367
- PhishDestroy: https://phishdestroy.io/domain/get-trzur-x-suite.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/get-trzur-x-suite.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-trzur-x-suite.pages.dev/
Last updated: 2026-03-30