# trzr-walet-lgin.pages.dev — SUSPICIOUS

> trzr-walet-lgin.pages.dev is an active phishing site mimicking crypto wallet logins. VirusTotal flags 1/95 security vendors. Check the full report.

## Summary
PhishDestroy identifies trzr-walet-lgin.pages.dev as an active phishing domain impersonating cryptocurrency wallet login portals to harvest credentials. The domain employs a generic phishing tactic, likely targeting users of popular blockchain wallets or exchanges by mimicking official login interfaces. No specific drainer kit or brand spoofing has been confirmed in this campaign, though the naming convention suggests a focus on wallet-related services.  

This domain resolves to IP address 188.114.96.3 and was registered through Cloudflare, Inc., leveraging the service’s Workers platform (pages.dev) to host malicious content. The domain utilizes a Google Trust Services SSL certificate, increasing its appearance of legitimacy. According to VirusTotal analysis, only 1 out of 95 security vendors flagged the domain at the time of detection, indicating low initial detection rates despite its malicious nature. The domain’s registration details and infrastructure placement suggest an attempt to evade traditional blocklists and automated detection mechanisms.  

As of current intelligence, the threat remains active, with no evidence of takedown or mitigation by hosting providers. Users interacting with this domain risk credential theft, financial loss, or malware infection. Immediate blocking of the domain and IP at the network or endpoint level is recommended. Enhanced monitoring for similar domains using Cloudflare Workers or Google Trust Services certificates is advised. Remaining risk is elevated due to the domain’s active status, low detection rate, and use of reputable infrastructure to host malicious content.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/24a3e975-6b55-47a1-aa8d-e1f3f9ef9bad
- PhishDestroy: https://phishdestroy.io/domain/trzr-walet-lgin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trzr-walet-lgin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trzr-walet-lgin.pages.dev/
Last updated: 2026-03-29