# strt-iotrzrr.pages.dev — MALICIOUS

> strt-iotrzrr.pages.dev is a live crypto drainer scam flagged by 6/95 VirusTotal vendors. Verify this malicious domain on PhishDestroy before interaction to.

## Summary
PhishDestroy identifies an active cryptocurrency drainer campaign linked to the domain strt-iotrzrr.pages.dev (seed 87e9a2), operating with elevated risk and targeting unsuspecting users through deceptive web interfaces. This domain is configured to impersonate legitimate crypto platforms, prompting victims to connect wallets under the guise of token airdrops, staking rewards, or account verification. The attack leverages a drainer kit—a JavaScript-based toolkit designed to extract private keys, seed phrases, or authorize malicious transactions—once the victim grants wallet permissions. The infrastructure behind this campaign is hosted on Cloudflare Pages, a legitimate service often abused for phishing due to its free tier and rapid deployment capabilities.  

This domain presents multiple red flags confirmed by threat intelligence sources. VirusTotal analysis shows a detection rate of 6 out of 95 security vendors as of the latest scan, indicating moderate but insufficient recognition by automated defenses. The domain is registered through Cloudflare, Inc., a common registrar choice among phishing operators due to privacy protection and fast DNS resolution. It resolves to IP address 188.114.96.3, a Cloudflare edge server within their global network, which adds a veneer of legitimacy while obscuring the true origin. The SSL certificate is issued by Google Trust Services, a trusted authority, further enhancing the appearance of authenticity. Through independent blocklist monitoring, this domain has been flagged multiple times, though not universally, suggesting intermittent operational cycles or dynamic hosting.  

As of the latest assessment, this domain remains ACTIVE and continues to serve malicious content targeting crypto users. Immediate remediation efforts include domain takedown notifications to Cloudflare, browser blocklist updates, and integration into PhishDestroy’s real-time feed. However, due to the use of legitimate infrastructure (Cloudflare Pages, Google SSL), full eradication is challenging, and the domain may persist in alternate forms or subdomains. Users are strongly advised to avoid interacting with this domain entirely. Before any crypto-related transaction or wallet connection, verify the destination URL using PhishDestroy’s free online scanner. Remaining risk is assessed as elevated due to the combination of active infrastructure, partial detection evasion, and the high financial impact potential of crypto drainer attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4f0ce3b2-f18f-442a-8ac0-2045387f68da
- PhishDestroy: https://phishdestroy.io/domain/strt-iotrzrr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/strt-iotrzrr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/strt-iotrzrr.pages.dev/
Last updated: 2026-03-22