# tersre-oi-es.pages.dev — SUSPICIOUS

> tersre-oi-es.pages.dev is a crypto drainer impersonating a brand with 0/95 VirusTotal detections. Investigate now.

## Summary
PhishDestroy identifies tersre-oi-es.pages.dev as an active crypto drainer impersonating a legitimate brand to deceive users into transferring cryptocurrency assets. The domain leverages Cloudflare Pages for hosting under the registered account, resolving to IP 172.66.47.21 with a Google Trust Services SSL certificate to enhance credibility. The threat operates through credential theft and unauthorized transaction initiation, posing imminent risk to cryptocurrency holders interacting with the impersonated brand.  This domain was flagged with 0 detections out of 95 VirusTotal engines, indicating zero current detection by antivirus or security platforms. Registered via Cloudflare, Inc., the domain resolves to IP 172.66.47.21 and utilizes a Google Trust Services SSL certificate to appear legitimate. No blocklist entries or trust score data are publicly available, suggesting a newly deployed or carefully obfuscated infrastructure. The absence of detections highlights the need for proactive monitoring, as such domains often remain undetected until widespread user reports emerge.  Mitigation requires immediate domain blocking at DNS and firewall levels to prevent user access. Users should verify all URLs before interaction, avoid clicking links in unsolicited communications, and use hardware wallets or multi-signature setups for cryptocurrency transactions. Security teams should monitor for similar domains registered through Cloudflare Pages and inspect network traffic for connections to 172.66.47.21. Reporting to threat intelligence platforms and antivirus vendors is critical to increase detection coverage and prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.21

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/043dc230-d90c-4f2e-bd84-91862d10d893
- PhishDestroy: https://phishdestroy.io/domain/tersre-oi-es.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tersre-oi-es.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tersre-oi-es.pages.dev/
Last updated: 2026-03-25