# tresor-sui-t.pages.dev — SUSPICIOUS

> PhishDestroy identifies tresor-sui-t.pages.dev hosting a cryptocurrency drainer kit via Cloudflare Pages. VT score 0/95, IP 188.114.97.3. Check the full report.

## Summary
tresor-sui-t.pages.dev has been flagged for hosting a generic phishing campaign distributing a cryptocurrency drainer kit. The domain leverages Cloudflare Pages for hosting, suggesting an attempt to evade traditional detection mechanisms. While no specific brand impersonation has been confirmed at this stage, the use of a drainer kit indicates a high-risk threat designed to siphon cryptocurrency assets from unsuspecting victims. Initial behavioral analysis suggests the campaign may target users through social engineering, likely via impersonation or fraudulent transaction pages. The seed identifier 1b5cb6 has been flagged for traceability in ongoing investigations.


This domain was registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3. VirusTotal analysis shows 0/95 detections, indicating that security vendors have not yet flagged this domain. The domain utilizes an SSL certificate issued by Google Trust Services, which may lend it an air of legitimacy. At the time of writing, the domain has been active for an undisclosed period, and no blocklist entries have been recorded. The lack of detections underscores the importance of proactive threat intelligence monitoring to identify emerging campaigns before they escalate.


The campaign remains under investigation with an active status. PhishDestroy recommends immediate blocking of the domain and associated IP address to mitigate risk. Users are advised to exercise caution when encountering links or attachments related to this domain. While the immediate risk is not fully quantified, the combination of low detection rates, drainer kit deployment, and Cloudflare Pages hosting suggests a potentially high-impact threat. Organizations and individuals should monitor for indicators of compromise and report any suspicious activity to relevant threat intelligence platforms. The remaining risk is classified as under investigation, pending further forensic analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/82ee0394-d867-44e6-bba5-fd9685bbd0b5
- PhishDestroy: https://phishdestroy.io/domain/tresor-sui-t.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tresor-sui-t.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tresor-sui-t.pages.dev/
Last updated: 2026-03-22