# start-tezor-eng-io.pages.dev — SUSPICIOUS

> Danger: start-tezor-eng-io.pages.dev hosts a crypto drainer masquerading as a Tezos wallet login page.

## Summary
PhishDestroy identifies the domain start-tezor-eng-io.pages.dev as an ACTIVE crypto drainer phishing campaign impersonating the Tezos wallet login interface intended to steal cryptocurrency assets. The threat is currently under investigation while analysts confirm the exact drainer payload and wallet address patterns. All users are advised to treat this domain as malicious and avoid interaction.


This domain was flagged by 0 of 95 VirusTotal vendors, registered through Cloudflare, Inc., resolves to IP 172.66.46.210, and uses a Google Trust Services SSL certificate. The Pages.dev subdomain space indicates a Cloudflare Pages deployment, commonly abused for rapid phishing site staging. Trust scores for associated artifacts remain at zero detections across major threat intelligence platforms, reinforcing the need for proactive blocking and verification before any wallet connection.


The campaign remains ACTIVE and is assessed as HIGH RISK due to the direct targeting of Tezos wallet users and the likelihood of cryptocurrency theft upon interaction. Users who have visited this domain should disconnect any connected wallets, revoke any session tokens, and verify their wallet addresses on official Tezos domains only. PhishDestroy recommends blocking the domain start-tezor-eng-io.pages.dev at the network perimeter and DNS level, and running full antivirus scans. If you suspect exposure, scan your device using PhishDestroy and report the incident with the unique seed 71147c for further analysis and takedown support.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.210

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8be90d3d-6f8d-4c86-9f02-330a3b86af3e
- PhishDestroy: https://phishdestroy.io/domain/start-tezor-eng-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-tezor-eng-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start-tezor-eng-io.pages.dev/
Last updated: 2026-04-01