# tresor-s-uit.pages.dev — SUSPICIOUS

> tresor-s-uit.pages.dev poses as a cryptocurrency service but may deploy a crypto drainer kit. Users should avoid interacting with this domain, which resolves.

## Summary
PhishDestroy identifies tresor-s-uit.pages.dev as a recently activated domain flagged for potential cryptocurrency drainer activity. This site mimics legitimate crypto services to trick users into connecting wallets, enabling unauthorized token transfers. No specific drainer kit has been confirmed, but the domain’s structure and recent registration suggest a generic phishing campaign targeting crypto holders. The threat remains under active investigation due to limited intelligence.  

This domain was flagged with a VirusTotal detection score of 0/95, indicating no antivirus engines currently flag it as malicious. It was registered through Cloudflare, Inc., resolving to IP 188.114.96.3. The SSL certificate is issued by Google Trust Services, and the domain is hosted on Cloudflare Pages. No blocklist entries were found at the time of analysis, leaving users exposed to potential risks. The domain’s recent creation and generic phishing approach make it a low-signal but high-impact threat.  

The domain remains active with a status of 'under_investigation,' and no immediate remediation actions have been taken. Users are advised to avoid interacting with tresor-s-uit.pages.dev and report any suspicious activity. While the current risk is classified as low due to undetected malware, the potential for drainer kit deployment or credential theft persists. Monitoring for updated IOCs and blocklisting is strongly recommended to mitigate future exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7d733cc8-cf9a-46df-9431-6e5105b39745
- PhishDestroy: https://phishdestroy.io/domain/tresor-s-uit.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tresor-s-uit.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tresor-s-uit.pages.dev/
Last updated: 2026-03-22