# home-trxor.pages.dev — SUSPICIOUS > home-trxor.pages.dev identified as a crypto drainer posing elevated risk. VirusTotal flags 2/95 vendors. ## Summary PhishDestroy identifies home-trxor.pages.dev as an active crypto drainer campaign designed to illicitly siphon cryptocurrency assets from unsuspecting victims. This domain leverages deceptive branding and social engineering tactics to trick users into connecting their wallets or authorizing fraudulent transactions. Once a victim visits the page and approves wallet connections or signs malicious transactions, the drainer executes unauthorized transfers to attacker-controlled addresses. The domain poses a significant immediate risk, particularly to cryptocurrency holders engaging with decentralized finance (DeFi) platforms or non-custodial wallets. This domain was flagged by PhishDestroy due to multiple indicators of compromise and elevated threat activity. VirusTotal analysis shows the domain is flagged by 2 out of 95 security vendors as malicious, indicating emerging but confirmed hostile intent. The domain is registered through Cloudflare, Inc., a legitimate registrar often abused to obfuscate malicious infrastructure, and resolves to IP address 188.114.97.3. Additionally, the use of a Google Trust Services SSL certificate is a common tactic to lend false legitimacy to phishing pages. The domain is hosted on a Cloudflare Pages subdomain (pages.dev), a platform frequently exploited to rapidly deploy fraudulent sites. Users who have visited home-trxor.pages.dev should immediately disconnect any connected wallets, revoke any unauthorized transaction approvals, and transfer remaining funds to a secure, newly generated wallet. Do not interact with wallet connection prompts or sign any transactions on this domain. If cryptocurrency was stolen, report the incident to local law enforcement and file a complaint with relevant cybercrime units (e.g., IC3, Action Fraud). Monitor wallet addresses for outgoing transactions and consider using blockchain forensic tools to trace stolen funds. Ensure all future interactions with cryptocurrency platforms are conducted only through verified official domains and use hardware wallets for enhanced security. Report this domain to your browser’s safe browsing tools or threat intelligence platforms to help block future access. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/494e810d-c904-42d2-9937-9a4ae1d4471d - PhishDestroy: https://phishdestroy.io/domain/home-trxor.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/home-trxor.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/home-trxor.pages.dev/ Last updated: 2026-03-26