# trezzuir-sue.pages.dev — SUSPICIOUS

> trezzuir-sue.pages.dev is a live wallet drainer posing as a crypto wallet service. Resolves to 188.114.97.3 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies trezzuir-sue.pages.dev as an active generic phishing domain distributing a wallet drainer kit designed to steal cryptocurrency assets. The domain impersonates a legitimate crypto wallet service to deceive users into connecting malicious wallets or entering seed phrases. The threat actor behind this campaign employs a drainer script that automatically transfers funds to controlled addresses upon wallet interaction, leveraging social engineering tactics to appear authentic. Domain registration metadata and hosting infrastructure suggest coordinated malicious activity targeting crypto users globally.

Technical analysis reveals trezzuir-sue.pages.dev resolves to IP 188.114.97.3 and is registered through Cloudflare, Inc., utilizing a Google Trust Services SSL certificate for added legitimacy. VirusTotal currently reports 0/95 detections, indicating the domain has not yet been widely flagged by security vendors. The domain was flagged under seed 6ee863 as part of ongoing phishing monitoring, with active status under investigation. Despite the absence of detections, the combination of a Cloudflare-hosted phishing page, HTTPS certificate, and drainer functionality increases operational risk to users.

The domain remains active with medium persistence due to Cloudflare’s protective shielding, complicating direct takedown efforts. Users should block 188.114.97.3 at the network level and avoid all interactions with trezzuir-sue.pages.dev. Security teams are advised to monitor for related domains and update browser blocklists immediately. Remaining risk is moderate due to unflagged status and drainer toolkit effectiveness, requiring proactive user education and real-time threat intelligence updates.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/047a954e-868e-4d8d-9cd8-dcf916202bb0
- PhishDestroy: https://phishdestroy.io/domain/trezzuir-sue.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezzuir-sue.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trezzuir-sue.pages.dev/

Last updated: 2026-03-25