# treizr-io-en.pages.dev — SUSPICIOUS

> treizr-io-en.pages.dev is a crypto drainer phishing site with 0/95 VirusTotal detections. Verify this domain on PhishDestroy before entering credentials or.

## Summary
PhishDestroy identifies treizr-io-en.pages.dev as an active credential-harvesting domain operating under Cloudflare’s Pages service. This subdomain-hosted website mimics legitimate login interfaces to deceive users into surrendering sensitive authentication data, including wallet passphrases and API keys. The infrastructure leverages Cloudflare’s global CDN (IP 172.66.44.215) and a Google Trust Services SSL certificate to appear trustworthy, while its primary objective remains unauthorized credential exfiltration for subsequent financial exploitation.

The domain exhibits multiple red flags consistent with fledgling phishing campaigns. VirusTotal analysis confirms zero detections from 95 security engines, indicating evasion of current detection signatures. It operates through Cloudflare, Inc., which provides anonymity to malicious actors via proxying and DDoS protection layers. While the exact creation timestamp is not publicly available, the active status suggests recent deployment. Analysts should note its alignment with “pages.dev” infrastructure—commonly abused for low-cost, rapid deployment of spoofed portals.

Users who have interacted with this domain should immediately revoke any credentials entered, disconnect connected wallets, and scan local systems for malware. Do not enter sensitive data even if the site appears legitimate, as SSL certificates and CDNs are routinely weaponized to bypass browser warnings. For ongoing monitoring, check PhishDestroy’s database using the unique seed identifier 4843fd. Early incident response can prevent unauthorized fund transfers and identity theft.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.215

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/treizr-io-en.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/treizr-io-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/treizr-io-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/treizr-io-en.pages.dev/
Last updated: 2026-04-09