# us-trzersuits.pages.dev — SUSPICIOUS

> Domain us-trzersuits.pages.dev is a brand impersonation site with 0/95 VirusTotal detections. It resolves to 188.114.96.3. Avoid interaction and report.

## Summary

PhishDestroy identifies us-trzersuits.pages.dev as an active brand impersonation site deployed through Cloudflare Pages. This domain attempts to masquerade as a legitimate web storefront but is engineered to harvest cryptocurrency wallet credentials or seed phrases under the guise of a “trendy suit” themed offer. Visitors are prompted to connect wallets or sign malicious transactions that drain funds to attacker-controlled addresses. Certificates issued by Google Trust Services (GTS) help lend superficial legitimacy, but the domain’s recent registration and low detection count expose its malicious intent. Technical analysis places the first observed activity within the last 48 hours, aligning with a surge in Cloudflare Pages abuse noted by security researchers examining crypto-focused campaigns.

As of the latest scan, this domain had zero detections out of 95 engines on VirusTotal, underscoring how rapidly operators weaponize legitimate cloud hosting to bypass traditional filters. It was registered through Cloudflare, Inc., on 2025-04-03 and resolves to IP 188.114.96.3, a Cloudflare edge node frequently repurposed for short-lived malicious sites. Threat intelligence correlates this campaign (seed ca79eb) with an ongoing cluster distributing crypto drainers under the guise of fashion promotions, targeting users searching for discount branded apparel. SSL issuance via GTS does not indicate trustworthiness; rather, it reflects Cloudflare’s automated certificate pipeline being exploited to avoid browser warnings.

If you visited us-trzersuits.pages.dev, immediately disconnect any connected wallets using your wallet’s built-in security tools or by revoking permissions via Etherscan or Polygonscan. Do not enter seed phrases or private keys on the site. Scan your device with reputable antivirus and consider rotating all wallet credentials and addresses. Report the domain to PhishDestroy, Google Safe Browsing, and your local CERT to aid in takedown. Disable autofill for crypto wallets and enable transaction simulation features where available to catch outgoing transfers before they complete.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e13a5889-a4ed-4e52-8840-e0b8b2aa0755
- PhishDestroy: https://phishdestroy.io/domain/us-trzersuits.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-trzersuits.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/us-trzersuits.pages.dev/

Last updated: 2026-03-24