# add-trezr-suite.pages.dev — SUSPICIOUS

> add-trezr-suite.pages.dev is a live crypto drainer impersonating Trezor Wallet with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies add-trezr-suite.pages.dev as an active crypto-draining operation hosted on a Cloudflare page linked to IP 172.66.44.54. The domain falsely masquerades as Trezor Wallet’s official suite, tricking users into connecting their hardware wallets or entering seed phrases. The threat type is a “crypto drainer,” meaning once access is granted, funds can be silently transferred out of connected wallets without additional approval.  This domain was flagged through automated behavioral analysis and is currently under active investigation by multiple threat-intelligence teams. VirusTotal shows zero detections across 95 scanning engines as of this report, indicating the scam is newly operational or obfuscating payloads to evade detection. It was registered through Cloudflare, Inc., and secured with a Google Trust Services SSL certificate to appear legitimate. The IP 172.66.44.54 is part of Cloudflare’s edge network, commonly abused by short-lived phishing pages.  If you visited add-trezr-suite.pages.dev or entered any wallet credentials or seed phrases, revoke connected wallet permissions immediately using your wallet’s “Revoke Access” feature. Disconnect the device from the internet, check transaction history for unauthorized transfers, and consider moving remaining funds to a new, clean wallet with a fresh seed phrase. Report the domain to Trezor Wallet’s abuse team and share this alert with your network to prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.54

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/add-trezr-suite.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/add-trezr-suite.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/add-trezr-suite.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/add-trezr-suite.pages.dev/
Last updated: 2026-04-04