# as-trezor-bridge.pages.dev — MALICIOUS

> High-risk phishing domain as-trezor-bridge.pages.dev is offline. Avoid interaction and verify site authenticity to protect your data.

## Summary
PhishDestroy identifies as-trezor-bridge.pages.dev as a high-risk phishing domain designed to deceive users, potentially leading to credential theft or financial loss. Phishing threats like this pose significant risks because they impersonate trusted services to exploit user trust, making vigilance critical.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and quickly attracted attention from multiple security vendors, with 15 out of 95 flagging it as malicious on VirusTotal. It also appears on two security blocklists, indicating confirmed malicious activity. The domain has been taken offline, reducing immediate risk but users should remain cautious of any residual links or communications related to this domain.

Users are advised not to interact with any content from as-trezor-bridge.pages.dev or related suspicious URLs. Always verify the legitimacy of websites, especially when prompted for sensitive information. If you have interacted with this domain, monitor your accounts for suspicious activity and consider changing passwords. Employing updated security software and enabling multi-factor authentication can also help safeguard against such phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.254
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["piotr.ns.cloudflare.com", "aria.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bbdcb-1872-760a-9584-54876e305974.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7751911b-2608-45bf-80ad-573c105e7162
- PhishDestroy: https://phishdestroy.io/domain/as-trezor-bridge.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/as-trezor-bridge.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/as-trezor-bridge.pages.dev/
Last updated: 2026-03-19