# trzio-starthelp.pages.dev — SUSPICIOUS

> trzio-starthelp.pages.dev is a confirmed crypto drainer posing as a support portal. Resolves to 188.114.97.3 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies trzio-starthelp.pages.dev as an active crypto drainer campaign hosted on Cloudflare Pages. The domain leverages a Google Trust Services SSL certificate to impersonate a legitimate support portal, specifically targeting cryptocurrency users by tricking victims into connecting their wallets under the guise of receiving support. The threat actor’s infrastructure is currently under investigation, but technical indicators suggest ongoing malicious operations with potential for rapid expansion to additional phishing domains or payload delivery vectors. Users who interact with this domain risk immediate loss of funds through automated token approvals and transaction signing requests.

This domain was flagged by PhishDestroy’s seed 53dacb, with threat type classified as generic_phishing and risk level under_investigation. VirusTotal currently shows 0 detections out of 95 engines, indicating evasion against signature-based detection systems. The domain resolves to IP 188.114.97.3, a Cloudflare-hosted address commonly abused for phishing due to low barrier to entry and high availability. The SSL certificate is issued by Google Trust Services, which is a legitimate authority but has been observed in multiple malicious campaigns due to weak validation or compromised issuance processes. The domain is registered through Cloudflare, Inc., leveraging Pages.dev as a subdomain for rapid deployment and obfuscation. No known blocklist entries are currently recorded, and the campaign remains active with undetermined creation date, suggesting recent deployment.

Users must avoid interacting with trzio-starthelp.pages.dev entirely. If already connected, revoke wallet permissions immediately using tools like revoke.cash or your wallet’s built-in allowance manager. Never approve unsolicited token approvals or transaction requests from this domain. Report the domain to PhishDestroy and your wallet provider. Enable hardware wallet signing for all transactions to prevent automated drainer scripts. Monitor wallet activity for unusual outbound transfers, especially to unknown addresses. Use network-level protections like DNS filtering or browser extensions that block known malicious domains. Always verify support portals by visiting official websites directly and cross-referencing contact details. Stay vigilant: crypto drainers often mimic legitimate services and exploit urgency to bypass user scrutiny.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/trzio-starthelp.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/trzio-starthelp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trzio-starthelp.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trzio-starthelp.pages.dev/

Last updated: 2026-04-03